An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on.
References
Link | Resource |
---|---|
https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit Third Party Advisory |
https://www.seling.it/product/vam/ | Product Vendor Advisory |
https://www.seling.it/ | Product |
Configurations
Information
Published : 2020-02-26 08:15
Updated : 2020-02-27 06:54
NVD link : CVE-2019-19987
Mitre link : CVE-2019-19987
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
seling
- visual_access_manager