Skip to main content

Knowledge CVE-2017-2097

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2017-04-28 vultures@jpcert.or.jp
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 28, 2017 - 16:59 cve.org
HIGH 8.8

DescriptionCVE.org

Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

AnalysisAI

Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Affected products include: Support-Project Knowledge.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2019-0227 HIGH POC
7.5 May 01

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2

CVE-2019-11358 MEDIUM POC
6.1 Apr 20

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) becaus

CVE-2020-2931 CRITICAL
9.8 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Rated crit

CVE-2020-2791 CRITICAL
9.8 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated critic

CVE-2016-3476 MEDIUM
6.5 Jul 21

Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect

CVE-2020-2795 MEDIUM
6.3 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated medium

CVE-2018-8032 MEDIUM
6.1 Aug 02

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/serv

CVE-2020-2932 MEDIUM
5.9 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated medium

CVE-2020-2524 MEDIUM
5.9 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: InQuira Search). Rated medium severity (CV

CVE-2020-2553 MEDIUM
4.8 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated medium

CVE-2016-3475 MEDIUM
4.3 Jul 21

Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users

CVE-2020-2522 MEDIUM
4.3 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated medium

Share

CVE-2017-2097 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy