CVE-2015-3388

{"id": "CVE-2015-3388", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-04-21T18:59:10.360", "references": [{"url": "http://www.openwall.com/lists/oss-security/2015/02/13/12", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/72615", "source": "cve@mitre.org"}, {"url": "https://www.drupal.org/node/2424435", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete the user's configured bank accounts via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en el m\u00f3dulo Commerce Balanced Payments para Drupal permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que eliminan las cuentas bancarias configuradas del usuario a trav\u00e9s de vectores no especificados."}], "lastModified": "2016-12-06T03:00:43.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:balanced:commerce_balanced_payments:*:*:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "EDFD9D7C-F409-400C-9D6F-4714BC035C5D", "versionEndIncluding": "7.x-1.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}