Lucene search

MitreCVE-2020-24982

HistoryMar 15, 2021 - 6:15 p.m.

CVE-2020-24982

2021-03-1518:15:16

CWE-352

mitre

web.nvd.nist.gov

quadbase

expressdashboard

edab

cve-2020-24982

csrf

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

36.7%

JSON

An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account.

Affected configurations

Nvd

Node

quadbaseespressdashboardMatch7.0update9

VendorProductVersionCPE
quadbaseespressdashboard7.0cpe:2.3:a:quadbase:espressdashboard:7.0:update9:*:*:*:*:*:*

Vendor	Product	Version	CPE
quadbase	espressdashboard	7.0	cpe:2.3:a:quadbase:espressdashboard:7.0:update9::::::

References

c41nc.co.uk/cve-2020-24982/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

36.7%

JSON

Related for CVE-2020-24982