Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2014-2330

Good to know:

icon

Date: August 31, 2015

Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown vectors.

Language: Python

Severity Score

Related Resources (5)

http://www.securityfocus.com/archive/1/531594
http://www.securityfocus.com/bid/66389
http://mathias-kettner.de/check_mk_werks.php?werk_id=0766
https://nvd.nist.gov/vuln/detail/CVE-2014-2330
https://www.mend.io/vulnerability-database/CVE-2014-2330

Severity Score

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

icon

Upgrade Version

Upgrade to version v1.2.5i2

Learn More

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL

CVSS v2

Base Score:
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH
Additional information:

Do you need more information?

Contact Us