INCIBE has coordinated the publication of a vulnerability affecting EasyVista 2016.1.305.2, which has been discovered by Albert Sánchez Miñano.
The following code has been assigned to this vulnerability:
- CVSS v3.1 base score: 6.3
- CVSS vector string: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
- Vulnerability type: CWE-352: Cross-Site Request Forgery (CSRF)
No existe solución identificada por el momento.
CVE-2022-0014: A CSRF vulnerability has been discovered in EasyVista affecting version 2016.1.305.2. This vulnerability could allow a remote attacker to send a manipulated post request resulting in a partial takeover of the browser session.