CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score confidence: Low
A vulnerability in GLPI’s asset and data center management software involves server-side request forgery. Exploitation of the vulnerability could allow a remote attacker to perform an SSRF-based attack using the creation of an arbitrary object.
A vulnerability in the GLPI computer equipment request, incident and inventory system is related to flaws in the authorization procedure. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information.
A vulnerability in the GLPI asset management and data center management software is related to improper authorization. Exploitation of the vulnerability could allow a remote attacker to obtain sensitive information.
A vulnerability in GLPI’s computer equipment requisition, incident and inventory system is related to a failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL code in a search engine to retrieve data.
A vulnerability in the GLPI asset management and data center management software is related to the neutralization of special elements used in an LDAP query. Exploitation of the vulnerability could allow a remote attacker to exploit LDAP injections.
A vulnerability in the GLPI asset and data center management software is related to the ability of an unauthenticated user to provide a malicious link to the GLPI administrator. Exploitation of the vulnerability could allow a remote attacker to perform an XSS attack.
A vulnerability in the GLPI asset and data center management software is related to improper neutralization of input data during web page generation. Exploitation of the vulnerability could allow a remote attacker to use a malicious URL to perform XSS on report pages.