A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2017/Mar/58 | Exploit Mailing List Third Party Advisory |
https://vuldb.com/?id.98930 | Third Party Advisory |
http://seclists.org/fulldisclosure/2017/Mar/58 | Exploit Mailing List Third Party Advisory |
https://vuldb.com/?id.98930 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
21 Nov 2024, 03:22
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2017/Mar/58 - Exploit, Mailing List, Third Party Advisory | |
References | () https://vuldb.com/?id.98930 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 5.3 |
Information
Published : 2022-06-09 23:15
Updated : 2024-11-21 03:22
NVD link : CVE-2017-20020
Mitre link : CVE-2017-20020
CVE.ORG link : CVE-2017-20020
JSON object : View
Products Affected
solar-log
- solar-log_250_firmware
- solar-log_500_firmware
- solar-log_1000_firmware
- solar-log_800e
- solar-log_2000_firmware
- solar-log_1200
- solar-log_250
- solar-log_1200_firmware
- solar-log_300_firmware
- solar-log_300
- solar-log_800e_firmware
- solar-log_1000
- solar-log_1000_pm\+_firmware
- solar-log_1000_pm\+
- solar-log_2000
- solar-log_500
CWE
CWE-352
Cross-Site Request Forgery (CSRF)