VAR-201405-0423

Vulnerability from variot - Updated: 2024-02-13 23:00

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors. Fortinet FortiWeb versions prior to 5.2.0 do not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery (CSRF) vulnerability (CWE-352). Fortinet FortiWeb is prone to multiple cross-site request-forgery vulnerabilities because it does not properly validate HTTP requests. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Fortinet FortiWeb 5.1.x and prior versions are vulnerable. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content.

Impact

A remote unauthenticated attacker may be able to trick a user into making an unintentional request to the web administration interface via a link or JavaScript hosted on a malicious web page. This forged request may be treated as authentic and result in unauthorized actions in the web administration interface. A successful attack would require the administrator to be logged in and the attacker to know the internal FortiWeb administration URL.

Affected Products

FortiWeb 5.1.x and lower.

Solutions

Upgrade to FortiWeb 5.2.0 or higher.

Acknowledgement

This vulnerability was reported separately by William Costa and Enrique Nissim.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201405-0423",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.1.2"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.1.3"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.1.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.1.1"
      },
      {
        "model": "fortiweb",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.1.4"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.1"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "5.1.4"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#902790"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002405"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-192"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3115"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:5.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:5.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.1.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3115"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "William Costa, and Enrique Nissim",
    "sources": [
      {
        "db": "BID",
        "id": "67235"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-3115",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "LOW",
            "baseScore": 5.8,
            "collateralDamagePotential": "LOW",
            "confidentialityImpact": "PARTIAL",
            "confidentialityRequirement": "MEDIUM",
            "enviromentalScore": 1.3,
            "exploitability": "PROOF-OF-CONCEPT",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-3115",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "integrityRequirement": "MEDIUM",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "remediationLevel": "OFFICIAL FIX",
            "reportConfidence": "CONFIRMED",
            "severity": "MEDIUM",
            "targetDistribution": "LOW",
            "trust": 0.8,
            "userInterationRequired": null,
            "vector_string": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2014-002405",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-71054",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-3115",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3115",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2014-002405",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201405-192",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-71054",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3115",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#902790"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71054"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002405"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-192"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3115"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors. Fortinet Fortiweb prior to version 5.2.0 do not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery (CSRF) vulnerability. (CWE-352). Fortinet FortiWeb is prone to multiple cross-site request-forgery vulnerabilities because it does not properly validate HTTP requests. \nExploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. \nFortinet FortiWeb 5.1.x and prior versions are vulnerable. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. \n\nImpact\n\nA remote unauthenticated attacker may be able to trick a user into making an unintentional request to the web administration interface, via link or JavaScript hosted on a malicious web page. This forged request may be treated as authentic and result in unauthorized actions in the web administration interface. A successful attack would require the administrator to be logged in, and attacker knowledge of the internal FortiWeb administration URL. \n\nAffected Products\n\nFortiWeb 5.1.x and lower. \n\nSolutions\n\nUpgrade to FortiWeb 5.2.0 or higher. \n\nAcknowledgement\n\nThis vulnerability was separately reported by both William Costa and Enrique Nissim",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3115"
      },
      {
        "db": "CERT/CC",
        "id": "VU#902790"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002405"
      },
      {
        "db": "BID",
        "id": "67235"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71054"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3115"
      },
      {
        "db": "PACKETSTORM",
        "id": "126543"
      }
    ],
    "trust": 2.88
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-71054",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71054"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3115",
        "trust": 3.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#902790",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1030200",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU99180587",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002405",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-192",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "67235",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "126543",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-71054",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3115",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#902790"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71054"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3115"
      },
      {
        "db": "BID",
        "id": "67235"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002405"
      },
      {
        "db": "PACKETSTORM",
        "id": "126543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-192"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3115"
      }
    ]
  },
  "id": "VAR-201405-0423",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71054"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-02-13T23:00:39.387000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FortiWeb Cross-Site Request Forgery Vulnerability",
        "trust": 0.8,
        "url": "http://www.fortiguard.com/advisory/fg-ir-14-013/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002405"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 2.7
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#902790"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71054"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002405"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3115"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.fortiguard.com/advisory/fg-ir-14-013/"
      },
      {
        "trust": 2.0,
        "url": "http://www.kb.cert.org/vuls/id/902790"
      },
      {
        "trust": 1.2,
        "url": "http://seclists.org/fulldisclosure/2014/may/30"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1030200"
      },
      {
        "trust": 0.9,
        "url": "http://cwe.mitre.org/data/definitions/352.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.fortinet.com/products/fortiweb/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3115"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99180587/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3115"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3115"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#902790"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71054"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3115"
      },
      {
        "db": "BID",
        "id": "67235"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002405"
      },
      {
        "db": "PACKETSTORM",
        "id": "126543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-192"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3115"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#902790"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71054"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3115"
      },
      {
        "db": "BID",
        "id": "67235"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002405"
      },
      {
        "db": "PACKETSTORM",
        "id": "126543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-192"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3115"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-05-07T00:00:00",
        "db": "CERT/CC",
        "id": "VU#902790"
      },
      {
        "date": "2014-05-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71054"
      },
      {
        "date": "2014-05-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3115"
      },
      {
        "date": "2014-05-02T00:00:00",
        "db": "BID",
        "id": "67235"
      },
      {
        "date": "2014-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002405"
      },
      {
        "date": "2014-05-07T19:32:22",
        "db": "PACKETSTORM",
        "id": "126543"
      },
      {
        "date": "2014-05-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201405-192"
      },
      {
        "date": "2014-05-08T14:29:14.830000",
        "db": "NVD",
        "id": "CVE-2014-3115"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-05-07T00:00:00",
        "db": "CERT/CC",
        "id": "VU#902790"
      },
      {
        "date": "2015-08-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71054"
      },
      {
        "date": "2015-08-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3115"
      },
      {
        "date": "2014-05-08T01:11:00",
        "db": "BID",
        "id": "67235"
      },
      {
        "date": "2014-05-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002405"
      },
      {
        "date": "2014-05-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201405-192"
      },
      {
        "date": "2015-08-01T01:37:30.260000",
        "db": "NVD",
        "id": "CVE-2014-3115"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-192"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#902790"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-192"
      }
    ],
    "trust": 0.6
  }
}

