Lucene search

MitreCVE-2015-3624

HistoryJun 09, 2015 - 2:59 p.m.

CVE-2015-3624

2015-06-0914:59:03

CWE-352

mitre

web.nvd.nist.gov

cve-2015-3624

cross-site request forgery

csrf vulnerability

ektron cms

content deletion

security vulnerability

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

Confidence

Low

EPSS

0.012

Percentile

85.4%

JSON

Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action.

Affected configurations

Nvd

Node

ektronektron_content_management_systemRange≤9.1sp1

VendorProductVersionCPE
ektronektron_content_management_system*cpe:2.3:a:ektron:ektron_content_management_system:*:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
ektron	ektron_content_management_system	*	cpe:2.3:a:ektron:ektron_content_management_system::sp1::::::*

References

packetstormsecurity.com/files/132104/Ektron-CMS-9.10-SP1-Cross-Site-Request-Forgery.html

v00d00sec.com/2015/05/31/cve-2015-3624-csrf-and-xss-vulnerabilities-in-ektron-cms-9-10-sp1/

www.securityfocus.com/archive/1/535646/100/0/threaded

www.securityfocus.com/bid/74937

www.exploit-db.com/exploits/37296/

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

Confidence

Low

EPSS

0.012

Percentile

85.4%

JSON

Related for CVE-2015-3624