Lucene search

ViMbAdmin CSRF Vulnerabilities

🗓️ 17 May 2022 02:38:12Reported by GitHub Advisory DatabaseType

ViMbAdmin CSRF Vulnerabilities in addAction and purgeAction functions allow remote attackers to hijack authentication of logged administrators to perform unauthorized actions such as adding/removing users, changing passwords, and manipulating mailbox and alias addresses

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 12
0day.today	ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerability	5 May 201700:00	–	zdt
Veracode	Multiple Cross-site Request Forgery(CSRF) Vulnerabilities	28 Jun 201702:52	–	veracode
exploitpack	ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities	5 May 201700:00	–	exploitpack
Cvelist	CVE-2017-6086	27 Jun 201720:00	–	cvelist
OSV	ViMbAdmin CSRF Vulnerabilities	17 May 202202:12	–	osv
OSV	CVE-2017-6086	27 Jun 201720:29	–	osv
Packet Storm	ViMbAdmin 3.0.15 Cross Site Request Forgery	5 May 201700:00	–	packetstorm
NVD	CVE-2017-6086	27 Jun 201720:29	–	nvd
Exploit DB	ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities	5 May 201700:00	–	exploitdb
Prion	Cross site request forgery (csrf)	27 Jun 201720:29	–	prion

Vulners

Node

opensolutions vimbadminRange≤3.0.15

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-6086
exploit-db	www.exploit-db.com/exploits/41967/
openwall	www.openwall.com/lists/oss-security/2017/05/03/7
github	www.github.com/opensolutions/ViMbAdmin/issues/250
github	www.github.com/advisories/GHSA-rrmf-fpmm-jpwr

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 May 2022 02:12Current

7.5High risk

Vulners AI Score7.5

CVSS26.8

CVSS38.8

EPSS0.00304

CWE-352