{ "id": "CVE-2015-2852", "sourceIdentifier": "cret@cert.org", "published": "2015-05-30T19:59:04.897", "lastModified": "2016-12-03T03:07:02.780", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators." }, { "lang": "es", "value": "Vulnerabilidad de CSRF en el componente WebUI en Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, y SV3800 3.6.x hasta 3.8.x anterior a 3.8.4 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-352" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv2800_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.8.3", "matchCriteriaId": "041A6762-C233-4163-8692-4DE054F1C9EE" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv2800:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6B04FC6-F165-4590-B088-7F126667ACD3" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv1800_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.8.3", "matchCriteriaId": "658F9B38-DA76-4CF8-961C-DCD596DEC697" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv1800:-:*:*:*:*:*:*:*", "matchCriteriaId": "F280A1EE-FEB6-435E-B566-132E9C2F54C2" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv3800_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.8.3", "matchCriteriaId": "33E52942-0C82-472D-8065-8D33221285EE" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv3800:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CA4AEA-C309-4E96-8835-CADB7FA32C05" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv800_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.8.3", "matchCriteriaId": "6A543761-A119-465D-A249-47347CE5EED9" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB72CFF6-C8B6-429C-A036-2560CAE3C713" } ] } ] } ], "references": [ { "url": "http://www.kb.cert.org/vuls/id/498348", "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ] }, { "url": "http://www.securityfocus.com/bid/74921", "source": "cret@cert.org" }, { "url": "https://bto.bluecoat.com/security-advisory/sa96", "source": "cret@cert.org", "tags": [ "Vendor Advisory" ] } ] }