CVE-2015-2848 in Tuxedo Touchالمعلومات

الملخص

بحسب MITRE

Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

حجز

03/04/2015

إفشاء

26/07/2015

الاعتدال

تمت الموافقة

إدخال

VDB-76809

EPSS

0.00660

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you know our Splunk app?

Download it now for free!