PT-2019-13980 · Prise · Prise Adas
Published
2019-09-20
·
Updated
2019-09-20
·
CVE-2019-15089
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PRiSE adAS version 1.7.0
Description
An issue was discovered where forms have no CSRF protection, allowing an attacker to execute actions as the administrator.
Recommendations
For PRiSE adAS version 1.7.0, consider implementing CSRF protection to prevent attackers from executing actions as the administrator. At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Prise Adas