CVE-2020-35722

MEDIUM

Quest Policy Authority for Unified Communications 8.1.2.200 - Cross-Site Request Forgery via submitUser.jsp

Title source: llm
STIX 2.1

Description

CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Scores

CVSS v3 6.5
EPSS 0.0068
EPSS Percentile 47.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (1)
quest/policy_authority_for_unified_communications 8.1.2.200
Published Jan 11, 2021
Tracked Since Feb 18, 2026