CVE-2018-8764

NONE EPSS 67.9%
Published Mar 27, 20188y ago · Modified Jun 17, 20262w ago
Find Similar
Published Mar 27, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.

Threat Intelligence

EPSS Exploit Probability
67.9% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-352 Cross-Site Request Forgery (CSRF) Authentication

Affected Products 3

VendorProductVersionRange
debiandebian_linux8.0any
debiandebian_linux9.0any
ldap-account-managerldap_account_manager* <6.3

References 3

  • packetstormsecurity.com http://packetstormsecurity.com/files/146858/LDAP-Account-Manager-6.2-Cross-Site-Scripting.html
    ExploitThird Party AdvisoryVDB Entry
  • seclists.org http://seclists.org/fulldisclosure/2018/Mar/45
    ExploitMailing ListThird Party Advisory
  • debian.org https://www.debian.org/security/2018/dsa-4165
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.