CVE-2018-10232

Cross-site request forgery (CSRF) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to hijack the authentication of authenticated users for requests that can obtain sensitive information via unspecified vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
topdesktopdesk
8.05.001 ≤
𝑥
< 8.05.017
topdesktopdesk
5.7
topdesktopdesk
5.7:service_release1
topdesktopdesk
5.7:service_release2
topdesktopdesk
5.7:service_release3
topdesktopdesk
5.7:service_release4
topdesktopdesk
5.7:service_release5
topdesktopdesk
5.7:service_release6
topdesktopdesk
5.7:service_release7
topdesktopdesk
5.7:service_release8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://page.topdesk.com/cve-2018-10231-and-cve-2018-10232?hs_preview=slNSCcfI-5931819551
https://page.topdesk.com/cve-2018-10231-and-cve-2018-10232?hs_preview=slNSCcfI-5931819551