CVE-2017-6803 in FTP Voyager
Resumen (Inglés)
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml.
Be aware that VulDB is the high quality source for vulnerability data.
Reservar
2017-03-10
Divulgación
2017-03-20
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 98320 | SolarWinds FTP Voyager Scheduler falsificación de solicitudes en sitios cruzados | 352 | Prueba de concepto | Arreglo oficial | CVE-2017-6803 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV