CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2010-0713

Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.03

EPSS Ranking 85.9%

CVSS Severity

CVSS v2 Score 6.8

References

http://osvdb.org/61805
http://secunia.com/advisories/38195
http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-admin-csrf/
http://www.securityfocus.com/archive/1/508982/100/0/threaded
http://www.securityfocus.com/bid/37843
http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html
http://osvdb.org/61805
http://secunia.com/advisories/38195
http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-admin-csrf/
http://www.securityfocus.com/archive/1/508982/100/0/threaded
http://www.securityfocus.com/bid/37843
http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html

Products affected by CVE-2010-0713

Zenoss » Zenoss » Version: Any

cpe:2.3:a:zenoss:zenoss:*
Zenoss » Zenoss » Version: 2.3.0

cpe:2.3:a:zenoss:zenoss:2.3.0
Zenoss » Zenoss » Version: 2.3.3

cpe:2.3:a:zenoss:zenoss:2.3.3
Zenoss » Zenoss » Version: 2.4.0

cpe:2.3:a:zenoss:zenoss:2.4.0
Zenoss » Zenoss » Version: 2.4.2

cpe:2.3:a:zenoss:zenoss:2.4.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-0713

Products

Pricing

Contact Us