Cross Site Request Forgery on EasyVista

Posted date 02/08/2023

Importance

3 - Medium

Affected Resources

EasyVista 2016.1.305.2.

Description

INCIBE has coordinated the publication of a vulnerability affecting EasyVista 2016.1.305.2, which has been discovered by Albert Sánchez Miñano.

The following code has been assigned to this vulnerability:

CVE-2022-0014:

CVSS v3.1 base score: 6.3
CVSS vector string: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability type: CWE-352: Cross-Site Request Forgery (CSRF)

Solution

No existe solución identificada por el momento.

Detail

CVE-2022-0014: A CSRF vulnerability has been discovered in EasyVista affecting version 2016.1.305.2. This vulnerability could allow a remote attacker to send a manipulated post request resulting in a partial takeover of the browser session.

References list

EasyVista

Etiquetas

0day
CNA
Vulnerability