CVE-2019-19987

MEDIUM

Selesta Visual Access Manager 4.15.0-4.29.0 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on.

References (3)

Core 3
Core References
Product x_refsource_misc
https://www.seling.it/
Product, Vendor Advisory x_refsource_misc
https://www.seling.it/product/vam/

Scores

CVSS v3 6.5
EPSS 0.0055
EPSS Percentile 41.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352
Status published
Products (1)
seling/visual_access_manager 4.15.0 - 4.29.0
Published Feb 26, 2020
Tracked Since Feb 18, 2026