Vulnerability Details CVE-2020-14989
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
Products affected by CVE-2020-14989
- cpe:2.3:a:bloomreach:experience_manager:14.1.0
- cpe:2.3:a:bloomreach:experience_manager:14.1.1
- cpe:2.3:a:bloomreach:experience_manager:14.2.1
- cpe:2.3:a:bloomreach:experience_manager:14.2.2