Vulnerability CVE-2019-16068

Author:
Category VulnerabilitiesNetwork




Published: 2020-03-19   Modified: 2020-03-20

Description:
A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious manage_files.cgi request. This can be triggered via XSS or an IFRAME tag included within the site.

See advisories in our WLB2 database:

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore

6.8/10

6.4/10

8.6/10
Exploit range
Attack complexity
Authentication

Remote

Medium

No required
Confidentiality impact
Integrity impact
Availability impact

Partial

Partial

Partial
 References:

(CVE-2019-16061 –> CVE-2019-16072) Enigma NMS Multiple Vulnerabilities

closedb();
?>

Copyright 2020, cxsecurity.com

 



Source link

You must be logged in to post a comment.

RELATED STORIES
Category VulnerabilitiesNetwork

Vulnerability Summary for the Week of March 1, 2021

March 8, 2021
activerecord-session_store — activerecord-session_store  The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby...
Read More
Category VulnerabilitiesNetwork

HomePlus Pro, SmartNetwork 2, Xenon, & more…

March 7, 2021
With so much happening in the jailbreak community recently, especially with regard to the unc0ver...
Read More
Category VulnerabilitiesNetwork

Samsung fixes critical Android bugs in March 2021 updates

March 6, 2021
This week Samsung has started rolling out Android’s March security updates to mobile devices to...
Read More
Category VulnerabilitiesNetwork

Clubhouse Media Group Announces The Formation Of Groundbreaking Creator Advisory Panel

March 5, 2021
LOS ANGELES, March 5, 2021 /PRNewswire/ — Clubhouse Media Group Inc. (OTCMKTS:CMGR) (“Clubhouse Media” or the...
Read More
Category VulnerabilitiesNetwork

China and Russia’s Spying Sprees Will Take Years to Unpack

March 4, 2021
First it was Solarwinds, a reportedly Russian hacking campaign that stretches back almost a year,...
Read More
Category VulnerabilitiesNetwork

Google fixes second actively exploited Chrome zero-day bug this year

March 3, 2021
Google has fixed an actively exploited zero-day vulnerability in the Chrome 89.0.4389.72 version released today, March 2nd,...
Read More
Category VulnerabilitiesNetwork

Version checken: “High Resistance”-Firewall GeNUGate barg kritische Lücke

March 2, 2021
Das Unternehmen SEC Consult hat eine kritische Sicherheitslücke in der Firewall GeNUGate der GeNUA mbH...
Read More
Category VulnerabilitiesNetwork

Genua GenuGate High Resistance Firewall Authentication Bypass

March 1, 2021
SEC Consult Vulnerability Lab Security Advisory < 20210301-0 > ======================================================================= title: Authentication bypass vulnerability product:...
Read More
Category VulnerabilitiesNetwork

Automotive cyber security Market Top Participant to Focus on Regional Expansion – The Bisouv Network

February 28, 2021
Automotive cyber security may be referred to a technology or system that protects or prevents...
Read More
Category VulnerabilitiesNetwork

How To Prevent an IP Address Hack

February 27, 2021
Every person on the internet has a unique ID that belongs to the machine they’re...
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact