| |
Vulnerability CVE-2019-14836
Published: 2021-05-26
| Description: |
A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks. |
Type:
CWE-352 (Cross-Site Request Forgery (CSRF))
CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.8/10 |
6.4/10 |
8.6/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://bugzilla.redhat.com/show_bug.cgi?id=1847605
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
