CVE-2009-3022

{"id": "CVE-2009-3022", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2009-08-31T20:30:01.047", "references": [{"url": "http://jvn.jp/en/jp/JVN68640473/index.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000058.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/57425", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36458", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.bingo-cms.jp/security/jvn68640473.html", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52838", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://jvn.jp/en/jp/JVN68640473/index.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000058.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/57425", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/36458", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.bingo-cms.jp/security/jvn68640473.html", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52838", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en bingo!CMS v1.2 y anteriores, permite a atacantes remotos secuestrar la autenticaci\u00f3n de otros usuarios para peticiones que modifican la configuraci\u00f3n o cambian el contenidos a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T01:06:19.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:*:-:commercial:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F782FA95-6C66-4A3E-AE0E-AD4419A89C80", "versionEndIncluding": "1.2"}, {"criteria": "cpe:2.3:a:itd-inc:bingo\\!cms:*:-:core:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8D7A923-B0C6-4660-A204-7FB68CBE78A2", "versionEndIncluding": "1.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}