CVE-2007-1332 - Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 J

CVE-2007-1332

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to perform unspecified restricted actions in the context of certain accounts by bypassing the client-side protection scheme.

References

Vulnerable Configurations

cpe:2.3:a:tks_banking_solutions:eportfolio:1.0:*:*:*:*:*:*:*
cpe:2.3:a:tks_banking_solutions:eportfolio:1.0:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 16-10-2018 - 16:37)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	22829
bugtraq	20070305 ePortfolio version 1.0 Java Multiple Input Validation Vulnerabilities
misc	http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2893 http://www.scip.ch/publikationen/advisories/scip_advisory-2893_eportfolio_%201.0_java_multiple_vulnerabilities.txt
secunia	24331
sreason	2385

Last major update

16-10-2018 - 16:37

Published

07-03-2007 - 21:19

Last modified

16-10-2018 - 16:37