CVE-2013-3935

Published: Jan 2, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.

Affected (2)

Products: Opsview: Opsview, Opsview Core

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Opsview Opsview	Before 4.4.1
Opsview Opsview Core	Before 20130522

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://docs.opsview.com/doku.php?id=opsview-core:changes#opsview_core_20130822

Source: PSIRT-CNA@flexerasoftware.com

Release Notes

http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes

Source: PSIRT-CNA@flexerasoftware.com

Broken Link

http://docs.opsview.com/doku.php?id=opsview-core:changes#opsview_core_20130822

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.