CVE-2024-56903

Name of the Vulnerable Software and Affected Versions Geovision GV-ASWeb versions 6.1.1.0 and earlier

Description The issue allows attackers to execute arbitrary operations via supplying a crafted HTTP request, specifically due to a Cross-Site Request Forgery (CSRF) in Geovision GV-ASWeb. This enables attackers to perform unauthorized actions.

Recommendations For Geovision GV-ASWeb versions 6.1.1.0 and earlier, update to a version later than 6.1.1.0 to resolve the issue. As a temporary workaround, consider implementing additional validation for HTTP requests to minimize the risk of exploitation. Restrict access to sensitive operations to minimize the risk of unauthorized actions.