var-201405-0423
Vulnerability from variot
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors. Fortinet FortiWeb prior to version 5.2.0 does not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery (CSRF) vulnerability (CWE-352). Fortinet FortiWeb is prone to multiple cross-site request-forgery vulnerabilities because it does not properly validate HTTP requests. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Fortinet FortiWeb 5.1.x and prior versions are vulnerable. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content.
Impact
A remote unauthenticated attacker may be able to trick a user into making an unintentional request to the web administration interface via a link or JavaScript hosted on a malicious web page. This forged request may be treated as authentic and result in unauthorized actions in the web administration interface. A successful attack would require the administrator to be logged in, and the attacker to know the internal FortiWeb administration URL.
Affected Products
FortiWeb 5.1.x and lower.
Solutions
Upgrade to FortiWeb 5.2.0 or higher.
Acknowledgement
This vulnerability was separately reported by both William Costa and Enrique Nissim.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201405-0423", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiweb", "scope": "eq", "trust": 1.6, "vendor": "fortinet", "version": "5.1.2" }, { "model": "fortiweb", "scope": "eq", "trust": 1.6, "vendor": "fortinet", "version": "5.1.3" }, { "model": "fortiweb", "scope": "eq", "trust": 1.6, "vendor": "fortinet", 
"version": "5.1.0" }, { "model": "fortiweb", "scope": "eq", "trust": 1.6, "vendor": "fortinet", "version": "5.1.1" }, { "model": "fortiweb", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.1.4" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortiweb", "scope": "lte", "trust": 0.8, "vendor": "fortinet", "version": "5.1" }, { "model": "fortiweb", "scope": "eq", "trust": 0.6, "vendor": "fortinet", "version": "5.1.4" } ], "sources": [ { "db": "CERT/CC", "id": "VU#902790" }, { "db": "JVNDB", "id": "JVNDB-2014-002405" }, { "db": "CNNVD", "id": "CNNVD-201405-192" }, { "db": "NVD", "id": "CVE-2014-3115" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:5.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:5.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:5.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:5.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.1.4", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3115" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "William Costa, and Enrique Nissim", "sources": [ { "db": "BID", "id": "67235" } ], "trust": 0.3 }, "cve": "CVE-2014-3115", "cvss": { "@context": { "cvssV2": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "availabilityRequirement": "LOW", "baseScore": 5.8, "collateralDamagePotential": "LOW", "confidentialityImpact": "PARTIAL", "confidentialityRequirement": "MEDIUM", "enviromentalScore": 1.3, "exploitability": "PROOF-OF-CONCEPT", "exploitabilityScore": 8.6, "id": "CVE-2014-3115", "impactScore": 4.9, "integrityImpact": "PARTIAL", "integrityRequirement": "MEDIUM", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "remediationLevel": "OFFICIAL FIX", "reportConfidence": "CONFIRMED", "severity": "MEDIUM", "targetDistribution": "LOW", "trust": 0.8, "userInterationRequired": null, "vector_string": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { 
"acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "None", "baseScore": 5.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2014-002405", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-71054", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2014-3115", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3115", "trust": 1.8, "value": "MEDIUM" }, { "author": "IPA", "id": "JVNDB-2014-002405", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201405-192", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-71054", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-3115", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#902790" }, { "db": "VULHUB", "id": "VHN-71054" }, { "db": 
"VULMON", "id": "CVE-2014-3115" }, { "db": "JVNDB", "id": "JVNDB-2014-002405" }, { "db": "CNNVD", "id": "CNNVD-201405-192" }, { "db": "NVD", "id": "CVE-2014-3115" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors. Fortinet Fortiweb prior to version 5.2.0 do not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery (CSRF) vulnerability. (CWE-352). Fortinet FortiWeb is prone to multiple cross-site request-forgery vulnerabilities because it does not properly validate HTTP requests. \nExploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. \nFortinet FortiWeb 5.1.x and prior versions are vulnerable. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. \n\nImpact\n\nA remote unauthenticated attacker may be able to trick a user into making an unintentional request to the web administration interface, via link or JavaScript hosted on a malicious web page. This forged request may be treated as authentic and result in unauthorized actions in the web administration interface. A successful attack would require the administrator to be logged in, and attacker knowledge of the internal FortiWeb administration URL. \n\nAffected Products\n\nFortiWeb 5.1.x and lower. 
\n\nSolutions\n\nUpgrade to FortiWeb 5.2.0 or higher. \n\nAcknowledgement\n\nThis vulnerability was separately reported by both William Costa and Enrique Nissim", "sources": [ { "db": "NVD", "id": "CVE-2014-3115" }, { "db": "CERT/CC", "id": "VU#902790" }, { "db": "JVNDB", "id": "JVNDB-2014-002405" }, { "db": "BID", "id": "67235" }, { "db": "VULHUB", "id": "VHN-71054" }, { "db": "VULMON", "id": "CVE-2014-3115" }, { "db": "PACKETSTORM", "id": "126543" } ], "trust": 2.88 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-71054", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-71054" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3115", "trust": 3.8 }, { "db": "CERT/CC", "id": "VU#902790", "trust": 2.8 }, { "db": "SECTRACK", "id": "1030200", "trust": 1.2 }, { "db": "JVN", "id": "JVNVU99180587", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-002405", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201405-192", "trust": 0.7 }, { "db": "BID", "id": "67235", "trust": 0.4 }, { "db": "PACKETSTORM", "id": "126543", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-71054", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2014-3115", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#902790" }, { "db": "VULHUB", "id": "VHN-71054" }, { "db": "VULMON", "id": "CVE-2014-3115" }, { "db": "BID", "id": "67235" }, { "db": "JVNDB", "id": "JVNDB-2014-002405" }, { "db": "PACKETSTORM", "id": "126543" }, { "db": "CNNVD", "id": "CNNVD-201405-192" }, { "db": "NVD", "id": 
"CVE-2014-3115" } ] }, "id": "VAR-201405-0423", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-71054" } ], "trust": 0.01 }, "last_update_date": "2024-02-13T23:00:39.387000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FortiWeb Cross-Site Request Forgery Vulnerability", "trust": 0.8, "url": "http://www.fortiguard.com/advisory/fg-ir-14-013/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002405" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-352", "trust": 2.7 } ], "sources": [ { "db": "CERT/CC", "id": "VU#902790" }, { "db": "VULHUB", "id": "VHN-71054" }, { "db": "JVNDB", "id": "JVNDB-2014-002405" }, { "db": "NVD", "id": "CVE-2014-3115" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "http://www.fortiguard.com/advisory/fg-ir-14-013/" }, { "trust": 2.0, "url": "http://www.kb.cert.org/vuls/id/902790" }, { "trust": 1.2, "url": "http://seclists.org/fulldisclosure/2014/may/30" }, { "trust": 1.2, "url": "http://www.securitytracker.com/id/1030200" }, { "trust": 0.9, "url": "http://cwe.mitre.org/data/definitions/352.html" }, { "trust": 0.8, "url": "http://www.fortinet.com/products/fortiweb/" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3115" }, { 
"trust": 0.8, "url": "https://jvn.jp/vu/jvnvu99180587/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3115" }, { "trust": 0.3, "url": "http://www.fortinet.com/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3115" } ], "sources": [ { "db": "CERT/CC", "id": "VU#902790" }, { "db": "VULHUB", "id": "VHN-71054" }, { "db": "VULMON", "id": "CVE-2014-3115" }, { "db": "BID", "id": "67235" }, { "db": "JVNDB", "id": "JVNDB-2014-002405" }, { "db": "PACKETSTORM", "id": "126543" }, { "db": "CNNVD", "id": "CNNVD-201405-192" }, { "db": "NVD", "id": "CVE-2014-3115" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#902790" }, { "db": "VULHUB", "id": "VHN-71054" }, { "db": "VULMON", "id": "CVE-2014-3115" }, { "db": "BID", "id": "67235" }, { "db": "JVNDB", "id": "JVNDB-2014-002405" }, { "db": "PACKETSTORM", "id": "126543" }, { "db": "CNNVD", "id": "CNNVD-201405-192" }, { "db": "NVD", "id": "CVE-2014-3115" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-05-07T00:00:00", "db": "CERT/CC", "id": "VU#902790" }, { "date": "2014-05-08T00:00:00", "db": "VULHUB", "id": "VHN-71054" }, { "date": "2014-05-08T00:00:00", "db": "VULMON", "id": "CVE-2014-3115" }, { "date": "2014-05-02T00:00:00", "db": "BID", "id": "67235" }, { "date": "2014-05-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002405" }, { "date": "2014-05-07T19:32:22", "db": "PACKETSTORM", "id": "126543" }, { "date": "2014-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201405-192" }, { "date": "2014-05-08T14:29:14.830000", "db": "NVD", "id": "CVE-2014-3115" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } 
}, "data": [ { "date": "2014-05-07T00:00:00", "db": "CERT/CC", "id": "VU#902790" }, { "date": "2015-08-01T00:00:00", "db": "VULHUB", "id": "VHN-71054" }, { "date": "2015-08-01T00:00:00", "db": "VULMON", "id": "CVE-2014-3115" }, { "date": "2014-05-08T01:11:00", "db": "BID", "id": "67235" }, { "date": "2014-05-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002405" }, { "date": "2014-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201405-192" }, { "date": "2015-08-01T01:37:30.260000", "db": "NVD", "id": "CVE-2014-3115" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201405-192" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability", "sources": [ { "db": "CERT/CC", "id": "VU#902790" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "cross-site request forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-201405-192" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.