CVE-2018-13793

Published: Jul 9, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login.

Affected (7)

Products: Abbyy: Flexicapture

Abbyy

1 product

Flexicapture

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Abbyy Flexicapture	Version 12.0.1.263
Abbyy Flexicapture	Version 12.0.1.267
Abbyy Flexicapture	Version 12.0.1.282
Abbyy Flexicapture	Version 12.0.1.292
Abbyy Flexicapture	Version 12.0.1.367
Abbyy Flexicapture	Version 12.0.1.428
Abbyy Flexicapture	Version 12.0.1.475

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

http://abbyydownloads.com/fc12/PreviousReleaseNotes/ReleaseNotes_FC12_R1_U3_1299.18_build_12.0.1.516.pdf

Source: cve@mitre.org

Release NotesVendor Advisory

http://abbyydownloads.com/fc12/PreviousReleaseNotes/ReleaseNotes_FC12_R1_U3_1299.18_build_12.0.1.516.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.