Lucene search

MitreCVE-2008-3716

HistoryAug 19, 2008 - 7:41 p.m.

CVE-2008-3716

2008-08-1919:41:00

CWE-352

mitre

web.nvd.nist.gov

cve-2008-3716

cross-site request forgery

csrf vulnerability

harmoni

nvd

remote attackers

administrative modifications

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

56.7%

JSON

Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component.

Affected configurations

Nvd

Node

harmoniharmoniRange≤1.4.7

harmoniharmoniMatch0.0.2

harmoniharmoniMatch0.0.3

harmoniharmoniMatch0.0.4

harmoniharmoniMatch0.0.5

harmoniharmoniMatch0.1.0

harmoniharmoniMatch0.2.0

harmoniharmoniMatch0.3.0

harmoniharmoniMatch0.3.1

harmoniharmoniMatch0.3.2

harmoniharmoniMatch0.5.1

harmoniharmoniMatch0.6.0

harmoniharmoniMatch0.6.2

harmoniharmoniMatch0.7.0

harmoniharmoniMatch0.7.1

harmoniharmoniMatch0.7.2

harmoniharmoniMatch0.7.6

harmoniharmoniMatch0.7.7

harmoniharmoniMatch0.9.0

harmoniharmoniMatch0.10.1

harmoniharmoniMatch0.11.0

harmoniharmoniMatch0.12.0

harmoniharmoniMatch0.12.1

harmoniharmoniMatch0.12.3

harmoniharmoniMatch0.13.0

harmoniharmoniMatch0.13.1

harmoniharmoniMatch0.13.2

harmoniharmoniMatch0.13.3

harmoniharmoniMatch0.13.4

harmoniharmoniMatch0.13.5

harmoniharmoniMatch0.13.6

harmoniharmoniMatch0.13.7

harmoniharmoniMatch1.0.0

harmoniharmoniMatch1.0.1

harmoniharmoniMatch1.0.2

harmoniharmoniMatch1.0.3

harmoniharmoniMatch1.0.5

harmoniharmoniMatch1.0.6

harmoniharmoniMatch1.1.0

harmoniharmoniMatch1.3.0

harmoniharmoniMatch1.3.2

harmoniharmoniMatch1.3.4

harmoniharmoniMatch1.3.5

harmoniharmoniMatch1.4.2

harmoniharmoniMatch1.4.6

VendorProductVersionCPE
harmoniharmoni*cpe:2.3:a:harmoni:harmoni:*:*:*:*:*:*:*:*
harmoniharmoni0.0.2cpe:2.3:a:harmoni:harmoni:0.0.2:*:*:*:*:*:*:*
harmoniharmoni0.0.3cpe:2.3:a:harmoni:harmoni:0.0.3:*:*:*:*:*:*:*
harmoniharmoni0.0.4cpe:2.3:a:harmoni:harmoni:0.0.4:*:*:*:*:*:*:*
harmoniharmoni0.0.5cpe:2.3:a:harmoni:harmoni:0.0.5:*:*:*:*:*:*:*
harmoniharmoni0.1.0cpe:2.3:a:harmoni:harmoni:0.1.0:*:*:*:*:*:*:*
harmoniharmoni0.2.0cpe:2.3:a:harmoni:harmoni:0.2.0:*:*:*:*:*:*:*
harmoniharmoni0.3.0cpe:2.3:a:harmoni:harmoni:0.3.0:*:*:*:*:*:*:*
harmoniharmoni0.3.1cpe:2.3:a:harmoni:harmoni:0.3.1:*:*:*:*:*:*:*
harmoniharmoni0.3.2cpe:2.3:a:harmoni:harmoni:0.3.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
harmoni	harmoni	*	cpe:2.3:a:harmoni:harmoni::::::::
harmoni	harmoni	0.0.2	cpe:2.3:a:harmoni:harmoni:0.0.2:::::::*
harmoni	harmoni	0.0.3	cpe:2.3:a:harmoni:harmoni:0.0.3:::::::*
harmoni	harmoni	0.0.4	cpe:2.3:a:harmoni:harmoni:0.0.4:::::::*
harmoni	harmoni	0.0.5	cpe:2.3:a:harmoni:harmoni:0.0.5:::::::*
harmoni	harmoni	0.1.0	cpe:2.3:a:harmoni:harmoni:0.1.0:::::::*
harmoni	harmoni	0.2.0	cpe:2.3:a:harmoni:harmoni:0.2.0:::::::*
harmoni	harmoni	0.3.0	cpe:2.3:a:harmoni:harmoni:0.3.0:::::::*
harmoni	harmoni	0.3.1	cpe:2.3:a:harmoni:harmoni:0.3.1:::::::*
harmoni	harmoni	0.3.2	cpe:2.3:a:harmoni:harmoni:0.3.2:::::::*

Rows per page:

1-10 of 451

References

secunia.com/advisories/31503

sourceforge.net/project/shownotes.php?release_id=619864

sourceforge.net/tracker/index.php?func=detail&aid=2040513&group_id=82171&atid=1098812

www.securityfocus.com/bid/30706

exchange.xforce.ibmcloud.com/vulnerabilities/44483

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6427

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

56.7%

JSON

Related for CVE-2008-3716