CVE-2015-6493

2015-10-2810:59:15

CWE-352

icscert

web.nvd.nist.gov

cve-2015-6493

csrf

vulnerability

infinite automation

mango automation

remote authentication

hijack

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

46.6%

JSON

Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Affected configurations

Nvd

Node

infinite_automation_systemsmango_automationMatch2.5.0

infinite_automation_systemsmango_automationMatch2.5.5

infinite_automation_systemsmango_automationMatch2.6.0

VendorProductVersionCPE
infinite_automation_systemsmango_automation2.5.0cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.0:*:*:*:*:*:*:*
infinite_automation_systemsmango_automation2.5.5cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.5:*:*:*:*:*:*:*
infinite_automation_systemsmango_automation2.6.0cpe:2.3:a:infinite_automation_systems:mango_automation:2.6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
infinite_automation_systems	mango_automation	2.5.0	cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.0:::::::*
infinite_automation_systems	mango_automation	2.5.5	cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.5:::::::*
infinite_automation_systems	mango_automation	2.6.0	cpe:2.3:a:infinite_automation_systems:mango_automation:2.6.0:::::::*