CVE-2021-26474

high

Description

Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.)

References

Advisories

https://www.wbsec.nl/vembu

https://csirt.divd.nl/cves/CVE-2021-26474/

https://csirt.divd.nl/cases/DIVD-2020-00011/

https://csirt.divd.nl/2021/05/11/Vembu-zero-days/

Details

Source: Mitre, NVD

Published: 2021-06-08

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00234

Detections

Analytics