CVE-2012-0286

Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://infosec42.blogspot.com/2012/01/cve-2012-0285-and-cve-2012-0286.html
http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf	Vendor Advisory
http://www.stone-ware.com/swql.jsp?kb=d1960	Vendor Advisory
http://infosec42.blogspot.com/2012/01/cve-2012-0285-and-cve-2012-0286.html
http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf	Vendor Advisory
http://www.stone-ware.com/swql.jsp?kb=d1960	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:stone-ware:webnetwork::::::::
	cpe:2.3:a:stone-ware:webnetwork:6.0.5.0:::::::*

History

No history.

Information

Published : 2012-01-24 15:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-0286

Mitre link : CVE-2012-0286

CVE.ORG link : CVE-2012-0286

JSON object : View

Products Affected

stone-ware

webnetwork

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2012-0286", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-01-24T15:55:04.893", "references": [{"url": "http://infosec42.blogspot.com/2012/01/cve-2012-0285-and-cve-2012-0286.html", "source": "cve@mitre.org"}, {"url": "http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.stone-ware.com/swql.jsp?kb=d1960", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://infosec42.blogspot.com/2012/01/cve-2012-0285-and-cve-2012-0286.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.stone-ware.com/swql.jsp?kb=d1960", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Stoneware webNetwork anterior a v6.0.8.0 permite a atacantes remotos 'secuestrar' la autenticaci\u00f3n de v\u00edctimas no especificadas para peticiones que modifica cuentas de usuario."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stone-ware:webnetwork:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36858C02-6BCA-47E6-8A19-ABEA928C048E", "versionEndIncluding": "6.0.7.0"}, {"criteria": "cpe:2.3:a:stone-ware:webnetwork:6.0.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "032FC44C-4215-492E-AB60-FF47D11FC33F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}