Lucene search

JpcertCVE-2024-36452

HistoryJul 10, 2024 - 7:15 a.m.

CVE-2024-36452

2024-07-1007:15:03

jpcert

web.nvd.nist.gov

ajaxterm module

cross-site request forgery

webmin 2.003

unintended operations

malicious page

data breach

altered webpage

server halt

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.2%

JSON

Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a malicious page while logged in. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted.

Affected configurations

Vulners

Node

webminwebminRange<2.003

VendorProductVersionCPE
webminwebmin*cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
webmin	webmin	*	cpe:2.3:a:webmin:webmin::::::::

CNA Affected

[
  {
    "vendor": "Webmin",
    "product": "Webmin",
    "versions": [
      {
        "version": "versions prior to 2.003",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN81442045/

webmin.com/