Vulnerability Name: | CVE-2010-5191 (CCN-62757) | ||||||||
Assigned: | 2010-10-22 | ||||||||
Published: | 2010-10-22 | ||||||||
Updated: | 2013-10-11 | ||||||||
Summary: | Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue Coat ProxyAV appliance before 3.2.6.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password, (2) modify a policy, or (3) restart the device. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 8.1 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-352 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2010-5191 Source: CCN Type: SA41964 Blue Coat ProxyAV Cross-Site Request Forgery Vulnerability Source: CCN Type: OSVDB ID: 68879 Blue Coat ProxyAV Multiple Admin Function CSRF Source: CCN Type: BID-44385 Blue Coat ProxyAV Multiple Cross Site Request Forgery Vulnerabilities Source: XF Type: UNKNOWN proxyav-multiple-csrf(62757) Source: CCN Type: Blue Coat SA46 ProxyAV Cross Site Request Forgery vulnerability Source: CONFIRM Type: UNKNOWN https://kb.bluecoat.com/index?page=content&id=SA46 | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |