CVE-2024-3782 | THREATINT

Description

Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which could allow an attacker to create a manipulated HTML form to perform privileged actions once it is executed by a privileged user.

PUBLISHED Reserved 2024-04-15 | Published 2024-04-15 | Updated 2024-08-01 | Assigner INCIBE

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-352 Cross-Site Request Forgery (CSRF)

Product status

Default status

unaffected

21.02.04

affected

Credits

Alejandro Amorín Niño finder

Guillermo Tuvilla Gómez finder

Sergio Román Hurtado finder

References

www.incibe.es/...erabilities-wbsairback-white-bear-solutions

cve.org (CVE-2024-3782)

nvd.nist.gov (CVE-2024-3782)

Download JSON