Cross site request forgery (csrf)

2021-02-1118:15:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.8%

JSON

An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link.

CPENameOperatorVersion
cloud_access_connectorle31

CPE	Name	Operator	Version
	cloud_access_connector	le	31

References

advisory.teradici.com/security-advisories/70/