CVE-2015-3388

Published: Apr 21, 2015Modified: May 6, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete the user's configured bank accounts via unspecified vectors.

Affected (1)

Products: Balanced: Commerce Balanced Payments

1 product

Commerce Balanced Payments

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Balanced Commerce Balanced Payments	Up to 7.x-1.2

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://www.openwall.com/lists/oss-security/2015/02/13/12

Source: cve@mitre.org

http://www.securityfocus.com/bid/72615

Source: cve@mitre.org

https://www.drupal.org/node/2424435

Source: cve@mitre.org

PatchVendor Advisory

http://www.openwall.com/lists/oss-security/2015/02/13/12

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/72615

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.drupal.org/node/2424435

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.