CSRF Vulnerabilities in Hexis HawkEye G by Hexis
CVE-2015-2878
8.8HIGH
Summary
Multiple cross-site request forgery vulnerabilities exist in Hexis HawkEye G version 3.0.1.4912. These vulnerabilities allow remote attackers to exploit administrative sessions by sending crafted requests. Attackers can manipulate requests to add unauthorized user accounts, disable crucial security features like URL matching and DNS injection, or whitelist malicious MD5 hash identifiers, thereby undermining the product's security integrity.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved