{ "id": "CVE-2009-3022", "sourceIdentifier": "cve@mitre.org", "published": "2009-08-31T20:30:01.047", "lastModified": "2017-08-17T01:31:00.727", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en bingo!CMS v1.2 y anteriores, permite a atacantes remotos secuestrar la autenticaci\u00f3n de otros usuarios para peticiones que modifican la configuraci\u00f3n o cambian el contenidos a trav\u00e9s de vectores no especificados." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-352" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:*:-:commercial:*:*:*:*:*", "versionEndIncluding": "1.2", "matchCriteriaId": "F782FA95-6C66-4A3E-AE0E-AD4419A89C80" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:*:-:core:*:*:*:*:*", "versionEndIncluding": "1.2", "matchCriteriaId": "C8D7A923-B0C6-4660-A204-7FB68CBE78A2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "619FADEB-7A2D-4928-9B12-DD67F0F721BD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.0:-:*:*:*:*:*:*", "matchCriteriaId": "B3EE1CDD-4E72-4033-A083-AEF17E0BFB3A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.0:-:commercial:*:*:*:*:*", "matchCriteriaId": "51B80A98-14EB-4F8F-BA8C-405A00A373D3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.0:-:core:*:*:*:*:*", "matchCriteriaId": "B2733D8A-1606-4593-8056-1F411116DC64" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.0:a:*:*:*:*:*:*", "matchCriteriaId": "147BE856-4EB4-466D-B315-0908C89C5851" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.0:a:commercial:*:*:*:*:*", "matchCriteriaId": "CC05A9FF-B0FC-46B1-841E-D6416599CE4E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.0:a:core:*:*:*:*:*", "matchCriteriaId": "94D40EC9-54F0-4233-836A-725D53EB35D9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "24AFBCF3-2745-4C97-9F4B-1F14E4974DDD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.1:-:*:*:*:*:*:*", "matchCriteriaId": "7635F4B0-1644-485B-9CE8-595013509D4C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.1:-:commercial:*:*:*:*:*", "matchCriteriaId": "4A0EB665-258A-43B1-9C2D-85B70A6BFB38" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.1:-:core:*:*:*:*:*", "matchCriteriaId": "D3ACFFE6-EBE6-4273-84AD-E31429820A1E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.1:a:*:*:*:*:*:*", "matchCriteriaId": "CE96C6B9-6542-4590-A491-BC652A75FA7C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.1:a:commercial:*:*:*:*:*", "matchCriteriaId": "276023C6-BA5A-402A-9241-2819A11BA33E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.1:a:core:*:*:*:*:*", "matchCriteriaId": "1660C1EC-FCDD-4486-8F7E-9C7B0A9E833D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.1:b:*:*:*:*:*:*", "matchCriteriaId": "CC1FC579-1201-436E-9004-B45B761F3ABA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.1:b:commercial:*:*:*:*:*", "matchCriteriaId": "B4C1C2A1-4259-42EE-B34E-4D4478CEFEAE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.1:b:core:*:*:*:*:*", "matchCriteriaId": "B67F71C4-25D9-46D6-96E8-5B0F26CF43A0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0D033C8-41ED-4FD1-88F1-0D031BE627EB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:1.2:-:*:*:*:*:*:*", "matchCriteriaId": "D498BEE6-824C-4C5A-8D00-1E7E8DC139B5" } ] } ] } ], "references": [ { "url": "http://jvn.jp/en/jp/JVN68640473/index.html", "source": "cve@mitre.org" }, { "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000058.html", "source": "cve@mitre.org" }, { "url": "http://www.bingo-cms.jp/security/jvn68640473.html", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52838", "source": "cve@mitre.org" } ] }