CVE-2020-14989

MEDIUM

Bloomreach Experience Manager <14.2.2 - CSRF

Title source: llm
STIX 2.1

Description

An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://tvrbk.github.io/cve/2021/03/09/brXM.html

Scores

CVSS v3 6.5
EPSS 0.0059
EPSS Percentile 44.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352
Status published
Products (1)
bloomreach/experience_manager 14.1.0 - 14.2.2
Published Mar 11, 2021
Tracked Since Feb 18, 2026