CVE-2010-2151

Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://jvn.jp/en/jp/JVN82465391/index.html
http://www.securityfocus.com/bid/40517
http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html	Vendor Advisory
http://secunia.com/advisories/40029	Vendor Advisory
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000022.html

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fujitsu:e-pares:l01:::::::*
	cpe:2.3:a:fujitsu:e-pares:l10:::::::*
	cpe:2.3:a:fujitsu:e-pares:l20:::::::*
	cpe:2.3:a:fujitsu:e-pares:v01:::::::*
	cpe:2.3:a:fujitsu:e-pares:l30:::::::*
	cpe:2.3:a:fujitsu:e-pares:l40:::::::*
	cpe:2.3:a:fujitsu:e-pares:l03:::::::*

Information

Published : 2010-06-03 09:30

Updated : 2010-06-03 21:00

NVD link : CVE-2010-2151

Mitre link : CVE-2010-2151

JSON object : View

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

Products Affected

fujitsu

e-pares

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://jvn.jp/en/jp/JVN82465391/index.html", "name": "JVN#82465391", "tags": [], "refsource": "JVN"}, {"url": "http://www.securityfocus.com/bid/40517", "name": "40517", "tags": [], "refsource": "BID"}, {"url": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html", "name": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/40029", "name": "40029", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000022.html", "name": "JVNDB-2010-000022", "tags": [], "refsource": "JVNDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify \"facility reservation data\" via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-352"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-2151", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2010-06-03T16:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:fujitsu:e-pares:l01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:fujitsu:e-pares:l10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:fujitsu:e-pares:l20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:fujitsu:e-pares:v01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:fujitsu:e-pares:l30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:fujitsu:e-pares:l40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:fujitsu:e-pares:l03:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2010-06-04T04:00Z"}