Lucene search

MitreCVELIST:CVE-2021-26474

HistoryJun 08, 2021 - 6:39 p.m.

CVE-2021-26474 UNAUTHENTICATED SERVER SIDE REQUEST FORGERY IN VEMBU PRODUCTS

2021-06-0818:39:55

mitre

www.cve.org

vembu

server side

request forgery

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

47.4%

JSON

Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.)

References

csirt.divd.nl/2021/05/11/Vembu-zero-days/

csirt.divd.nl/cases/DIVD-2020-00011/

csirt.divd.nl/cves/CVE-2021-26474/

www.wbsec.nl/vembu

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

47.4%

JSON

Related for CVELIST:CVE-2021-26474