CVE-2019-7281

HIGH

Prima Systems FlexAir <2.3.38 - CSRF

Title source: llm
STIX 2.1

Description

Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website.

References (3)

Core 3
Core References
Not Applicable, Third Party Advisory x_refsource_misc
https://applied-risk.com/labs/advisories
Third Party Advisory x_refsource_misc
https://www.applied-risk.com/resources/ar-2019-007
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-19-211-02

Scores

CVSS v3 8.8
EPSS 0.0094
EPSS Percentile 56.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
primasystems/flexair < 2.3.38
Published Jul 01, 2019
Tracked Since Feb 18, 2026