valtech IDP Test Client python-flask/main.py cross-site request forgery

A vulnerability classified as problematic was found in valtech IDP Test Client. It affects some unknown functionality of the file python-flask/main.py, and the manipulation leads to cross-site request forgery (CWE-352). The weakness was presented on 12/31/2022 as f1e7b3d431c8681ec46445557125890c14fa295f, and the advisory is shared for download at github.com. This vulnerability is handled as CVE-2014-125028. The attack may be launched remotely. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. Its exploitability is declared as not defined. As a 0-day, the estimated underground price was around $0-$5k. The name of the patch is f1e7b3d431c8681ec46445557125890c14fa295f, and the bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue. A possible mitigation was published before, and not just after, the disclosure of the vulnerability.

Field | 12/31/2022 20:16 | 01/26/2023 14:58 | 01/26/2023 15:02
vendor | valtech | valtech | valtech
name | IDP Test Client | IDP Test Client | IDP Test Client
file | python-flask/main.py | python-flask/main.py | python-flask/main.py
cwe | 352 (cross-site request forgery) | 352 (cross-site request forgery) | 352 (cross-site request forgery)
risk | 1 | 1 | 1
cvss3_vuldb_av | N | N | N
cvss3_vuldb_ac | L | L | L
cvss3_vuldb_pr | N | N | N
cvss3_vuldb_ui | R | R | R
cvss3_vuldb_s | U | U | U
cvss3_vuldb_c | N | N | N
cvss3_vuldb_i | L | L | L
cvss3_vuldb_a | N | N | N
cvss3_vuldb_rl | O | O | O
cvss3_vuldb_rc | C | C | C
identifier | f1e7b3d431c8681ec46445557125890c14fa295f | f1e7b3d431c8681ec46445557125890c14fa295f | f1e7b3d431c8681ec46445557125890c14fa295f
url | https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f | https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f | https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f
name | Patch | Patch | Patch
patch_name | f1e7b3d431c8681ec46445557125890c14fa295f | f1e7b3d431c8681ec46445557125890c14fa295f | f1e7b3d431c8681ec46445557125890c14fa295f
patch_url | https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f | https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f | https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f
cve | CVE-2014-125028 | CVE-2014-125028 | CVE-2014-125028
responsible | VulDB | VulDB | VulDB
date | 1672441200 (12/31/2022) | 1672441200 (12/31/2022) | 1672441200 (12/31/2022)
cvss2_vuldb_av | N | N | N
cvss2_vuldb_ac | L | L | L
cvss2_vuldb_au | N | N | N
cvss2_vuldb_ci | N | N | N
cvss2_vuldb_ii | P | P | P
cvss2_vuldb_ai | N | N | N
cvss2_vuldb_rc | C | C | C
cvss2_vuldb_rl | OF | OF | OF
cvss2_vuldb_e | ND | ND | ND
cvss3_vuldb_e | X | X | X
cvss2_vuldb_basescore | 5.0 | 5.0 | 5.0
cvss2_vuldb_tempscore | 4.4 | 4.4 | 4.4
cvss3_vuldb_basescore | 4.3 | 4.3 | 4.3
cvss3_vuldb_tempscore | 4.1 | 4.1 | 4.1
cvss3_meta_basescore | 4.3 | 4.3 | 5.8
cvss3_meta_tempscore | 4.1 | 4.1 | 5.7
price_0day | $0-$5k | $0-$5k | $0-$5k
cve_assigned |  | 1672441200 (12/31/2022) | 1672441200 (12/31/2022)
cve_nvd_summary |  | A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is f1e7b3d431c8681ec46445557125890c14fa295f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217148. | A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is f1e7b3d431c8681ec46445557125890c14fa295f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217148.
cvss3_nvd_av |  |  | N
cvss3_nvd_ac |  |  | L
cvss3_nvd_pr |  |  | N
cvss3_nvd_ui |  |  | R
cvss3_nvd_s |  |  | U
cvss3_nvd_c |  |  | H
cvss3_nvd_i |  |  | H
cvss3_nvd_a |  |  | H
cvss2_nvd_av |  |  | N
cvss2_nvd_ac |  |  | L
cvss2_nvd_au |  |  | N
cvss2_nvd_ci |  |  | N
cvss2_nvd_ii |  |  | P
cvss2_nvd_ai |  |  | N
cvss3_cna_av |  |  | N
cvss3_cna_ac |  |  | L
cvss3_cna_pr |  |  | N
cvss3_cna_ui |  |  | R
cvss3_cna_s |  |  | U
cvss3_cna_c |  |  | N
cvss3_cna_i |  |  | L
cvss3_cna_a |  |  | N
cve_cna |  |  | VulDB
cvss2_nvd_basescore |  |  | 5.0
cvss3_nvd_basescore |  |  | 8.8
cvss3_cna_basescore |  |  | 4.3