CVE-2014-0336

{"id": "CVE-2014-0336", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-03-06T11:55:05.147", "references": [{"url": "http://www.kb.cert.org/vuls/id/823452", "tags": ["US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that use the user_new_master parameter to the adminconsole/ URI."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en el cliente web en Serena Dimensions CM 12.2 build 7.199.0 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que emplean el par\u00e1metro user_new_master hacia la URI adminconsole/."}], "lastModified": "2014-03-07T19:19:02.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:serena:dimensions_cm:12.2:build7.199.0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7A337C9-5AE9-4592-9B08-CCC6C7495E62"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}