sah-comp bienlein 跨网站请求伪造

条目历史差异jsonxmlCTI

在sah-comp bienlein 中曾发现分类为棘手的漏洞。此漏洞会影响某些未知进程。手动调试的不合法输入可导致跨网站请求伪造。漏洞的CWE定义是 CWE-352。此漏洞的脆弱性 2022-12-21公示人身份d7836a4f2b241e4745ede194f0f6fb47199cab6b、所提交。分享公告的网址是github.com。该漏洞被标识为CVE-2020-36622，攻击可能起始于远程，无技术细节可用。没有可利用漏洞。当前漏洞利用价值为美元大约是 $0-$5k。它被宣布为未定义。我们估计的零日攻击价值约为$0-$5k。补丁名称为d7836a4f2b241e4745ede194f0f6fb47199cab6b。错误修复程序下载地址为github.com，建议采用一个补丁来修正此问题。该漏洞被披露后，此前未曾发表过可能的缓解措施。

字段	2022-12-21 19時38分	2023-01-22 07時10分	2023-01-22 07時16分
vendor	sah-comp	sah-comp	sah-comp
name	bienlein	bienlein	bienlein
cwe	352 (跨网站请求伪造)	352 (跨网站请求伪造)	352 (跨网站请求伪造)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
identifier	d7836a4f2b241e4745ede194f0f6fb47199cab6b	d7836a4f2b241e4745ede194f0f6fb47199cab6b	d7836a4f2b241e4745ede194f0f6fb47199cab6b
url	https://github.com/sah-comp/bienlein/commit/d7836a4f2b241e4745ede194f0f6fb47199cab6b	https://github.com/sah-comp/bienlein/commit/d7836a4f2b241e4745ede194f0f6fb47199cab6b	https://github.com/sah-comp/bienlein/commit/d7836a4f2b241e4745ede194f0f6fb47199cab6b
name	补丁	补丁	补丁
patch_name	d7836a4f2b241e4745ede194f0f6fb47199cab6b	d7836a4f2b241e4745ede194f0f6fb47199cab6b	d7836a4f2b241e4745ede194f0f6fb47199cab6b
patch_url	https://github.com/sah-comp/bienlein/commit/d7836a4f2b241e4745ede194f0f6fb47199cab6b	https://github.com/sah-comp/bienlein/commit/d7836a4f2b241e4745ede194f0f6fb47199cab6b	https://github.com/sah-comp/bienlein/commit/d7836a4f2b241e4745ede194f0f6fb47199cab6b
cve	CVE-2020-36622	CVE-2020-36622	CVE-2020-36622
responsible	VulDB	VulDB	VulDB
date	1671577200 (2022-12-21)	1671577200 (2022-12-21)	1671577200 (2022-12-21)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	5.0	5.0	5.0
cvss2_vuldb_tempscore	4.4	4.4	4.4
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	4.1	4.1	4.1
cvss3_meta_basescore	4.3	4.3	5.0
cvss3_meta_tempscore	4.1	4.1	5.0
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1671577200 (2022-12-21)	1671577200 (2022-12-21)
cve_nvd_summary		A vulnerability was found in sah-comp bienlein and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is d7836a4f2b241e4745ede194f0f6fb47199cab6b. It is recommended to apply a patch to fix this issue. The identifier VDB-216473 was assigned to this vulnerability.	A vulnerability was found in sah-comp bienlein and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is d7836a4f2b241e4745ede194f0f6fb47199cab6b. It is recommended to apply a patch to fix this issue. The identifier VDB-216473 was assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			U
cvss3_nvd_c			N
cvss3_nvd_i			H
cvss3_nvd_a			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			N
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss3_nvd_basescore			6.5
cvss3_cna_basescore			4.3

◂ 上一步一览下一步 ▸

Interested in the pricing of exploits?

See the underground prices here!