6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.3%
Samba Web Administration Tool (SWAT) allows for Samba configuration through a web interface. SWAT contains a cross-site request forgery vulnerability.
SWAT is disabled in a default configuration of Samba.
When a user is logged in to SWAT as root, an attacker may change configurations in Samba.
Update the software
Update to the latest version of Samba or apply the appropriate patch according to the information provided by the developer.
Samba Web Administration Tool (SWAT) contained in the following Samba versions are affected: