cvelist | INCIBE | CVELIST:CVE-2023-24518
History: Oct 03, 2023 - 10:41 a.m.

CVE-2023-24518 Disabling the administrator's account through cross-site request forgery

2023-10-03 10:41:42
CWE-352
INCIBE
www.cve.org
cve-2023-24518
cross-site request forgery
web application
pandora fms
version 767
security vulnerability

CVSS3: 6.7 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

EPSS: 0.0005 Low
Percentile: 18.0%

A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. This issue affects Pandora FMS version 767 and earlier versions on all platforms.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "All"
    ],
    "product": "Pandora FMS",
    "vendor": "Artica PFMS",
    "versions": [
      {
        "lessThanOrEqual": "v767",
        "status": "affected",
        "version": "v0",
        "versionType": "custom"
      }
    ]
  }
]
