CVE-2012-4002 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	6.8 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 42%

Vendor	Product	Version
glpi-project	glpi	𝑥 ≤ 0.83.2
glpi-project	glpi	0.5
glpi-project	glpi	0.5:rc1
glpi-project	glpi	0.5:rc2
glpi-project	glpi	0.6
glpi-project	glpi	0.6:rc1
glpi-project	glpi	0.6:rc2
glpi-project	glpi	0.6:rc3
glpi-project	glpi	0.20
glpi-project	glpi	0.21
glpi-project	glpi	0.30
glpi-project	glpi	0.31
glpi-project	glpi	0.40
glpi-project	glpi	0.41
glpi-project	glpi	0.42
glpi-project	glpi	0.51
glpi-project	glpi	0.51a:a
glpi-project	glpi	0.65
glpi-project	glpi	0.65:rc1
glpi-project	glpi	0.65:rc2
glpi-project	glpi	0.68
glpi-project	glpi	0.68:rc1
glpi-project	glpi	0.68:rc2
glpi-project	glpi	0.68:rc3
glpi-project	glpi	0.68.1
glpi-project	glpi	0.68.2
glpi-project	glpi	0.68.3
glpi-project	glpi	0.70
glpi-project	glpi	0.70:rc1
glpi-project	glpi	0.70:rc2
glpi-project	glpi	0.70:rc3
glpi-project	glpi	0.70.1
glpi-project	glpi	0.70.2
glpi-project	glpi	0.71
glpi-project	glpi	0.71.1
glpi-project	glpi	0.71.1:rc1
glpi-project	glpi	0.71.1:rc2
glpi-project	glpi	0.71.1:rc3
glpi-project	glpi	0.71.2
glpi-project	glpi	0.71.3
glpi-project	glpi	0.71.4
glpi-project	glpi	0.71.5
glpi-project	glpi	0.71.6
glpi-project	glpi	0.72
glpi-project	glpi	0.72:rc1
glpi-project	glpi	0.72:rc2
glpi-project	glpi	0.72:rc3
glpi-project	glpi	0.72.1
glpi-project	glpi	0.72.2
glpi-project	glpi	0.72.3
glpi-project	glpi	0.72.4
glpi-project	glpi	0.78
glpi-project	glpi	0.78.1
glpi-project	glpi	0.78.2
glpi-project	glpi	0.78.3
glpi-project	glpi	0.78.4
glpi-project	glpi	0.78.5
glpi-project	glpi	0.80
glpi-project	glpi	0.80.1
glpi-project	glpi	0.80.2
glpi-project	glpi	0.80.3
glpi-project	glpi	0.80.4
glpi-project	glpi	0.80.5
glpi-project	glpi	0.80.6
glpi-project	glpi	0.80.7
glpi-project	glpi	0.80.61
glpi-project	glpi	0.83
glpi-project	glpi	0.83.1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

glpi

zesty	dne
yakkety	not-affected
xenial	not-affected
wily	not-affected
vivid	not-affected
utopic	not-affected
trusty	dne
saucy	not-affected
raring	not-affected
quantal	not-affected
precise	ignored
oneiric	ignored
natty	ignored
lucid	ignored
hardy	ignored

Common Weakness Enumeration

CWE-352 - Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References

http://www.mandriva.com/security/advisories?name=MDVSA-2012:132

http://www.openwall.com/lists/oss-security/2012/07/13/1

https://forge.indepnet.net/issues/3704

https://forge.indepnet.net/issues/3707

https://forge.indepnet.net/projects/glpi/versions/771

http://www.mandriva.com/security/advisories?name=MDVSA-2012:132

http://www.openwall.com/lists/oss-security/2012/07/13/1

https://forge.indepnet.net/issues/3704

https://forge.indepnet.net/issues/3707

https://forge.indepnet.net/projects/glpi/versions/771