| Vulnerability Name: | CVE-2013-4050 (CCN-86443) | ||||||||
| Assigned: | 2013-11-05 | ||||||||
| Published: | 2013-11-05 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | ||||||||
| CVSS v3 Severity: | 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P) 5.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:C)
3.3 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:W/RC:C)
| ||||||||
| Vulnerability Type: | CWE-352 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2013-4050 Source: CCN Type: SA55541 IBM Domino Web Administrator Cross-Site Scripting and Request Forgery Vulnerabilities Source: CCN Type: IBM Security Bulletin 1652988 For safer administration of IBM Domino server, use Domino Administrator client instead of Domino Web Administrator Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21652988 Source: CCN Type: BID-63577 IBM Domino Web Administrator CVE-2013-4050 Cross Site Request Forgery Vulnerability Source: XF Type: UNKNOWN domino-webadmin-cve20134050-csrf(86433) Source: XF Type: UNKNOWN ibm-domino-cve20134050-csrf(86443) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||