CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
79.7%
Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account via a save action to tvserver/user/user.do, (2) shutdown a virtual machine, (3) start a virtual machine, (4) restart a virtual machine, or (5) schedule an activity.
Vendor | Product | Version | CPE |
---|---|---|---|
toutvirtual | virtualiq | 3.2 | cpe:2.3:a:toutvirtual:virtualiq:3.2:-:pro:*:*:*:*:* |
toutvirtual | virtualiq | 3.5 | cpe:2.3:a:toutvirtual:virtualiq:3.5:-:pro:*:*:*:*:* |