Cross Site Request Forgery on EasyVista

Posted date 02/08/2023
Identifier

INCIBE-2023-0317

Importance
3 - Medium
Affected Resources

EasyVista 2016.1.305.2.

Description

INCIBE has coordinated the publication of a vulnerability affecting EasyVista 2016.1.305.2, which has been discovered by Albert Sánchez Miñano.

The following code has been assigned to this vulnerability:

CVE-2022-0014:

  • CVSS v3.1 base score: 6.3
  • CVSS vector string: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
  • Vulnerability type: CWE-352: Cross-Site Request Forgery (CSRF)
Solution

No solution has been identified at this time.

Detail

CVE-2022-0014: A CSRF vulnerability has been discovered in EasyVista affecting version 2016.1.305.2. This vulnerability could allow a remote attacker to send a manipulated POST request resulting in a partial takeover of the browser session.
