PT-2021-11092 · Quadbase · Quadbase Expressdashboard
Published: 2021-03-15 · Updated: 2021-05-21 · CVE-2020-24982
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Quadbase ExpressDashboard (EDAB) version 7 Update 9
Description:
An issue allows Cross-Site Request Forgery (CSRF), which is an attack that tricks an authenticated user into performing unintended actions. In this case, an attacker may be able to trick an authenticated user into changing the email address associated with their account.
Recommendations:
For Quadbase ExpressDashboard (EDAB) version 7 Update 9, consider implementing CSRF protection mechanisms, such as token-based validation, to prevent unauthorized changes to user accounts. As a temporary workaround, restrict access to sensitive account settings until a patch is available.
Affected Products
Quadbase Expressdashboard