mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-12 02:04:49 +00:00
115 lines
3.4 KiB
JSON
115 lines
3.4 KiB
JSON
{
|
|
"id": "CVE-2014-1615",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2014-04-22T14:23:35.283",
|
|
"lastModified": "2024-11-21T02:04:43.460",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified action, as demonstrated by a request to api/user."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "M\u00faltiples vulnerabilidades de CSRF en Carbon Black anterior a 4.1.0 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que a\u00f1aden usuarios administrativos nuevos y tener otra acci\u00f3n no especificada, tal y como fue demostrado por una solicitud hacia api/user."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"baseScore": 6.8,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-352"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:carbonblack:carbon_black:*:beta2:*:*:*:*:*:*",
|
|
"versionEndIncluding": "4.1.0",
|
|
"matchCriteriaId": "90E2E7E6-BA01-4C60-9E8D-B7B6B17C399B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:carbonblack:carbon_black:4.0.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E1673B83-5DCC-4C5E-BE19-0C1814A16EA2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:carbonblack:carbon_black:4.1.0:beta1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5A4F72AF-221D-40D4-805C-72A3D90445B5"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://secunia.com/advisories/57645",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.secureworks.com/advisories/SWRX-2014-007/SWRX-2014-007.pdf",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/57645",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.secureworks.com/advisories/SWRX-2014-007/SWRX-2014-007.pdf",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Exploit"
|
|
]
|
|
}
|
|
]
|
|
} |