Veeam ONE Reporter 9.5.0.3201 cross site request forgery [CVE-2019-11569]
| CVSS Meta Temp Score | Current Exploit Price (≈) |
|---|---|
| 4.2 | $0-$5k |
A vulnerability, which was classified as problematic, has been found in Veeam ONE Reporter 9.5.0.3201 (Reporting Software). This issue affects some functionality. The manipulation with an unknown input leads to a cross site request forgery vulnerability. Using CWE to declare the problem leads to CWE-352. Impacted is integrity. An attacker might be able force legitimate users to initiate unwanted actions within the web application.
The weakness was published 05/06/2019 as EDB-ID 46765 as uncorroborated exploit (Exploit-DB). It is possible to read the advisory at exploit-db.com. The identification of this vulnerability is CVE-2019-11569 since 04/27/2019. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but a public exploit is available.
After immediately, there has been an exploit disclosed. It is declared as proof-of-concept. The exploit is available at exploit-db.com.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Vendor
Name
VulDB Meta Base Score: 4.3
VulDB Meta Temp Score: 4.2
VulDB Base Score: 4.3
VulDB Temp Score: 4.2
VulDB Vector: ?
VulDB Reliability: ?
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| ? | ? | ? | ? | ? | ? |
| ? | ? | ? | ? | ? | ? |
| ? | ? | ? | ? | ? | ? |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Cross site request forgery (CWE-352)
Local: No
Remote: Yes
Availability: ?
Access: Public
Status: Proof-of-Concept
Download: ?
Price Prediction: ?
Current Price Estimation: ?
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Exploit-DB: ?
Threat Intelligence
Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: no mitigation known
0-Day Time: ?
Exploit Delay Time: ?04/27/2019 CVE assigned
05/06/2019 Advisory disclosed
05/06/2019 Exploit disclosed
05/06/2019 EDB entry disclosed
05/07/2019 VulDB entry created
05/07/2019 VulDB last updateAdvisory: EDB-ID 46765
Status: Uncorroborated
CVE: CVE-2019-11569 (?)
Created: 05/07/2019 07:23 AM
Complete: ?
Comments
Check our Alexa App!
https://vuldb.com/?id.134435
Comments are closed.
No comments yet. Please log in to comment.