Products
UNKNOWN
Source
info@cert.vde.com
Tags
CVE-2024-7698 details
Published : Sept. 10, 2024, 9:15 a.m.
Last Modified : Sept. 10, 2024, 12:09 p.m.
Last Modified : Sept. 10, 2024, 12:09 p.m.
Description
A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.
CVSS Score
| 1 | 2 | 3 | 4 | 5.7 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-212 | Improper Removal of Sensitive Information Before Storage or Transfer | The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.7
Exploitability Score
2.1
Impact Score
3.6
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
References
| URL | Source |
|---|---|
| https://cert.vde.com/en/advisories/VDE-2024-039 | info@cert.vde.com |
This website uses the NVD API, but is not approved or certified by it.