CVE-2021-26474

HIGH

Vembu BDR Suite < 4.2.0 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.)

References (4)

Core 4
Core References
Third Party Advisory x_refsource_confirm
https://csirt.divd.nl/cases/DIVD-2020-00011/
Third Party Advisory x_refsource_confirm
https://csirt.divd.nl/2021/05/11/Vembu-zero-days/
Third Party Advisory x_refsource_confirm
https://www.wbsec.nl/vembu
Third Party Advisory x_refsource_confirm
https://csirt.divd.nl/cves/CVE-2021-26474/

Scores

CVSS v3 8.6
EPSS 0.0071
EPSS Percentile 48.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Details

CWE
CWE-352
Status published
Products (3)
vembu/bdr_suite < 4.2.0
vembu/offsite_dr 4.2.0
vembu/offsite_dr 4.2.0.1
Published Jun 08, 2021
Tracked Since Feb 18, 2026