Skip to main content

Alfresco CVE-2015-3366

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2015-04-21 cve@mitre.org
5.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.8 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Apr 21, 2015 - 16:59 cve.org
MEDIUM 5.8

DescriptionCVE.org

Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors.

AnalysisAI

Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors. Affected products include: Alfresco. Version information: before 6..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2019-14222 CRITICAL POC
9.8 Sep 05

An issue was discovered in Alfresco Community Edition versions 6.0 and lower. Rated critical severity (CVSS 9.8), this v

CVE-2014-9301 MEDIUM POC
6.4 Dec 07

Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows

CVE-2019-14224 HIGH POC
7.2 Sep 05

An issue was discovered in Alfresco Community Edition 5.2 201707. Rated high severity (CVSS 7.2), this vulnerability is

CVE-2014-9300 MEDIUM POC
6.8 Dec 07

Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Servic

CVE-2019-14223 MEDIUM POC
6.1 Sep 06

An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. Rated medium severity (CVSS

CVE-2019-15566 CRITICAL
9.8 Aug 26

The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. Rated critical sev

CVE-2020-8778 MEDIUM POC
5.4 Mar 02

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document,

CVE-2020-8777 MEDIUM POC
5.4 Mar 02

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo,

CVE-2020-8776 MEDIUM POC
5.4 Mar 02

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a

CVE-2019-19496 MEDIUM POC
5.4 Dec 02

Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document. Rated medium severity (CVSS 5.4), this

CVE-2014-2939 MEDIUM
4.3 Jun 02

Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inj

Share

CVE-2015-3366 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy