PT-2019-13980 · Prise · Prise Adas
Publicado
2019-09-20
·
Atualizado
2019-09-20
·
CVE-2019-15089
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PRiSE adAS version 1.7.0
Description
An issue was discovered where forms have no CSRF protection, allowing an attacker to execute actions as the administrator.
Recommendations
For PRiSE adAS version 1.7.0, consider implementing CSRF protection to prevent attackers from executing actions as the administrator. At the moment, there is no information about a newer version that contains a fix for this issue.
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Prise Adas