8.8 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
75.1%
Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name.
www.openwebanalytics.com/?p=384
www.securityfocus.com/bid/65573
exchange.xforce.ibmcloud.com/vulnerabilities/91125
www.secureworks.com/research/swrx-2014-006