Lucene search

PRIOn knowledge basePRION:CVE-2011-0545

HistoryMar 28, 2011 - 4:55 p.m.

Cross site request forgery (csrf)

2011-03-2816:55:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.5%

JSON

Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole parameter.

CPENameOperatorVersion
liveupdate_administratoreq2.2.2.9

CPE	Name	Operator	Version
	liveupdate_administrator	eq	2.2.2.9

References

secunia.com/advisories/43820

securityreason.com/securityalert/8160

securitytracker.com/id?1025242

sotiriu.de/adv/NSOADV-2011-001.txt

www.osvdb.org/71261

www.securityfocus.com/archive/1/517109/100/0/threaded

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110321_00

www.vupen.com/english/advisories/2011/0727

exchange.xforce.ibmcloud.com/vulnerabilities/66213

www.exploit-db.com/exploits/17026

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for PRION:CVE-2011-0545