CVE-2008-6239

Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to perform unspecified actions as arbitrary users via unknown vectors.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://holisticinfosec.org/content/view/96/45/
http://secunia.com/advisories/33339	Vendor Advisory
http://www.osvdb.org/51027
https://exchange.xforce.ibmcloud.com/vulnerabilities/47691
http://holisticinfosec.org/content/view/96/45/
http://secunia.com/advisories/33339	Vendor Advisory
http://www.osvdb.org/51027
https://exchange.xforce.ibmcloud.com/vulnerabilities/47691

Configurations

Configuration 1 (hide)

cpe:2.3:a:openedit:openedit_digital_asset_management:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:56

Type	Values Removed	Values Added
References	~~() http://holisticinfosec.org/content/view/96/45/ -~~	() http://holisticinfosec.org/content/view/96/45/ -
References	~~() http://secunia.com/advisories/33339 - Vendor Advisory~~	() http://secunia.com/advisories/33339 - Vendor Advisory
References	~~() http://www.osvdb.org/51027 -~~	() http://www.osvdb.org/51027 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/47691 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/47691 -

Information

Published : 2009-02-23 15:30

Updated : 2024-11-21 00:56

NVD link : CVE-2008-6239

Mitre link : CVE-2008-6239

CVE.ORG link : CVE-2008-6239

JSON object : View

Products Affected

openedit

openedit_digital_asset_management

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2008-6239", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-02-23T15:30:04.047", "references": [{"url": "http://holisticinfosec.org/content/view/96/45/", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33339", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/51027", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47691", "source": "cve@mitre.org"}, {"url": "http://holisticinfosec.org/content/view/96/45/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/33339", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/51027", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47691", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to perform unspecified actions as arbitrary users via unknown vectors."}, {"lang": "es", "value": "Una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en versiones de OpenEdit Digital Asset Management (DAM) anteriores a 5.2014 permite a atacantes remotos ejecutar acciones sin especificar como usuarios arbitrarios a trav\u00e9s de vectores desconocidos."}], "lastModified": "2024-11-21T00:56:01.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openedit:openedit_digital_asset_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F24D6E6D-25AC-44A8-88DD-95CC900245F3", "versionEndIncluding": "5.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}