CVE-2018-8764
NONE EPSS 67.9%
Published Mar 27, 20188y ago · Modified Jun 17, 20262w ago
Published Mar 27, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.
Threat Intelligence
EPSS Exploit Probability
67.9% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-352 Cross-Site Request Forgery (CSRF) Authentication
Affected Products 3
| Vendor | Product | Version | Range |
|---|---|---|---|
| debian | debian_linux | 8.0 | any |
| debian | debian_linux | 9.0 | any |
| ldap-account-manager | ldap_account_manager | * | <6.3 |
References 3
- packetstormsecurity.com http://packetstormsecurity.com/files/146858/LDAP-Account-Manager-6.2-Cross-Site-Scripting.html
- seclists.org http://seclists.org/fulldisclosure/2018/Mar/45
- debian.org https://www.debian.org/security/2018/dsa-4165
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.