← Back

CVE-2019-17118

nvd nist
Published: Oct 17, 2019Modified: Jun 17, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices.

Affected (47)

Wikidsystems
1 product
2fa Enterprise Server
Configuration A
47 vulnerable
Vulnerable SoftwareAffected Versions
Wikidsystems
2fa Enterprise Server
Version 3.4.81 b676
2fa Enterprise Server
Version 3.4.85 b780
2fa Enterprise Server
Version 3.4.87 b1092
2fa Enterprise Server
Version 3.4.87 b1159
2fa Enterprise Server
Version 3.4.87 b1169
2fa Enterprise Server
Version 3.4.87 b1216
2fa Enterprise Server
Version 3.4.87 b824
2fa Enterprise Server
Version 3.4.87 b839
2fa Enterprise Server
Version 3.5.0 b1342
2fa Enterprise Server
Version 3.5.0 b1352
2fa Enterprise Server
Version 3.5.0 b1359
2fa Enterprise Server
Version 3.5.0 b1373
2fa Enterprise Server
Version 3.5.0 b1403
2fa Enterprise Server
Version 3.5.0 b1411
2fa Enterprise Server
Version 3.5.0 b1421
2fa Enterprise Server
Version 3.5.0 b1428
2fa Enterprise Server
Version 3.5.0 b1438
2fa Enterprise Server
Version 3.5.0 b1472
2fa Enterprise Server
Version 3.5.0 b1542
2fa Enterprise Server
Version 3.5.0 b1580
2fa Enterprise Server
Version 3.6.0 b1659
2fa Enterprise Server
Version 3.6.0 b1672
2fa Enterprise Server
Version 4.0.1 b1817
2fa Enterprise Server
Version 4.0.1 b1821
2fa Enterprise Server
Version 4.0.1 b1905
2fa Enterprise Server
Version 4.0.1 b1906
2fa Enterprise Server
Version 4.0.2 b1917
2fa Enterprise Server
Version 4.0.2 b1921
2fa Enterprise Server
Version 4.0 b1787
2fa Enterprise Server
Version 4.0 b1798
2fa Enterprise Server
Version 4.0 b1803
2fa Enterprise Server
Version 4.1.0 b1926
2fa Enterprise Server
Version 4.1.0 b1941
2fa Enterprise Server
Version 4.1.0 b1949
2fa Enterprise Server
Version 4.1.0 b1955
2fa Enterprise Server
Version 4.2.0 b1978
2fa Enterprise Server
Version 4.2.0 b1981
2fa Enterprise Server
Version 4.2.0 b1984
2fa Enterprise Server
Version 4.2.0 b2007
2fa Enterprise Server
Version 4.2.0 b2014
2fa Enterprise Server
Version 4.2.0 b2016
2fa Enterprise Server
Version 4.2.0 b2020
2fa Enterprise Server
Version 4.2.0 b2023
2fa Enterprise Server
Version 4.2.0 b2028
2fa Enterprise Server
Version 4.2.0 b2032
2fa Enterprise Server
Version 4.2.0 b2047
2fa Enterprise Server
Version 4.2.0 b2053

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitMailing ListThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
ExploitPatch
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatch

Timeline

No history available yet.