Vulnerability Details CVE-2012-4051
Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.3%
CVSS Severity
CVSS v2 Score 6.8
References
- http://infosec42.blogspot.com/2012/09/jamf-casper-suite-mdm-csrf-vulnerability.html
- http://jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.61_Release_Notes.pdf
- http://www.kb.cert.org/vuls/id/555668
- http://infosec42.blogspot.com/2012/09/jamf-casper-suite-mdm-csrf-vulnerability.html
- http://jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.61_Release_Notes.pdf
- http://www.kb.cert.org/vuls/id/555668
Products affected by CVE-2012-4051
-
cpe:2.3:a:jamf:casper_suite:*
-
cpe:2.3:a:jamf:casper_suite:7.0
-
cpe:2.3:a:jamf:casper_suite:7.1
-
cpe:2.3:a:jamf:casper_suite:7.2
-
cpe:2.3:a:jamf:casper_suite:7.3
-
cpe:2.3:a:jamf:casper_suite:8.0
-
cpe:2.3:a:jamf:casper_suite:8.1
-
cpe:2.3:a:jamf:casper_suite:8.2
-
cpe:2.3:a:jamf:casper_suite:8.3
-
cpe:2.3:a:jamf:casper_suite:8.4
-
cpe:2.3:a:jamf:casper_suite:8.43
-
cpe:2.3:a:jamf:casper_suite:8.5
-
cpe:2.3:a:jamf:casper_suite:8.51