Lucene search

MitreCVE-2014-10008

HistoryJan 13, 2015 - 11:59 a.m.

CVE-2014-10008

2015-01-1311:59:17

CWE-352

mitre

web.nvd.nist.gov

csrf

stark crm 1.0

remote attacks

authentication hijacking

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.017

Percentile

87.6%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a crafted request to the sub_agent page, (4) a partner via a crafted request to the partner page, or (5) a client via a crafted request to the client page.

Affected configurations

Nvd

Node

iwcnstark_crmMatch1.0

VendorProductVersionCPE
iwcnstark_crm1.0cpe:2.3:a:iwcn:stark_crm:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
iwcn	stark_crm	1.0	cpe:2.3:a:iwcn:stark_crm:1.0:::::::*

References

secunia.com/advisories/57048

www.zeroscience.mk/codes/starkcrm_mv.txt

www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5169.php

exchange.xforce.ibmcloud.com/vulnerabilities/91267

exchange.xforce.ibmcloud.com/vulnerabilities/91268

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.017

Percentile

87.6%

JSON

Related for CVE-2014-10008