Description
Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.)
References (4)
Core 4
Core References
Third Party Advisory x_refsource_confirm
https://csirt.divd.nl/cases/DIVD-2020-00011/
Third Party Advisory x_refsource_confirm
https://csirt.divd.nl/2021/05/11/Vembu-zero-days/
Third Party Advisory x_refsource_confirm
https://www.wbsec.nl/vembu
Third Party Advisory x_refsource_confirm
https://csirt.divd.nl/cves/CVE-2021-26474/
Scores
CVSS v3
8.6
EPSS
0.0071
EPSS Percentile
48.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-352
Status
published
Products (3)
vembu/bdr_suite
< 4.2.0
vembu/offsite_dr
4.2.0
vembu/offsite_dr
4.2.0.1
Published
Jun 08, 2021
Tracked Since
Feb 18, 2026