2010-10-08 23:00:05 2010-10-11 19:45:18

Cross-site request forgery (CSRF) vulnerability in the Change Group Permissions module in CMS Made Simple 1.7.1 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make permission modifications.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL
Cisco IOS 12.2 (17d)SXB8 Cisco IOS 12.2 (17d)SXB7 Cisco IOS 12.2 (14)SY1 Cisco IOS 12.2 (14)SY03 Cmsmadesimple Cms made simple 1.6.8 (not an official CPE) Cisco IOS 12.2 (17f) Cmsmadesimple Cms made simple 0.11 Beta5 (not an official CPE) Cisco IOS 12.2 (15)ZJ3 Cisco IOS 12.2 (14)SZ1 Cisco IOS 12.2 (14)ZA2 Cisco IOS 12.2 (14)ZA8 Cisco IOS 12.2 (14)SZ2 Cisco IOS 12.2(15)T9 Cmsmadesimple Cms made simple 1.1 Rc2 (not an official CPE) Cisco IOS 12.2 (15)XR Cisco IOS 12.2(15)T7 Cmsmadesimple Cms made simple 1.2 Rc1 (not an official CPE) Cmsmadesimple Cms made simple 1.1 Rc1 (not an official CPE) Cisco IOS 12.2(15)T8 Cmsmadesimple Cms made simple 0.13 Beta1 (not an official CPE) Cmsmadesimple Cms made simple 0.13 Beta3 (not an official CPE) Cmsmadesimple Cms made simple 0.13 Beta2 (not an official CPE) Cisco IOS 12.2 (15)ZN Cisco IOS 12.2 (15)ZL1 Cisco IOS 12.2 (14)SU2 Cisco IOS 12.2(15)ZJ Cisco IOS 12.2 (15)ZJ1 Cisco IOS 12.2 (14)ZA Cisco IOS 12.2 (14)SZ Cmsmadesimple Cms made simple 1.1 Rc3 (not an official CPE) Cisco IOS 12.2 (17b)SXA Cisco IOS 12.2 (17) Cisco IOS 12.2 (16.5)S Cisco IOS 12.2 (16)B1 Cisco IOS 12.2 (15)ZL Cmsmadesimple Cms made simple 1.0.7 (not an official CPE) Cisco IOS 12.2 (15)YS_1.2(1) Cmsmadesimple Cms made simple 1.0.8 (not an official CPE) Cisco IOS 12.2 (15)T5 Cisco IOS 12.2 (15)XR2 Cisco IOS 12.2 (18)EW2 Cisco IOS 12.2 (15)YS Cisco IOS 12.2 (17d) Cisco IOS 12.2(17d)SX Cisco IOS 12.2 (17d)SXB Cisco IOS 12.2 (17d)SXB10 Cisco IOS 12.2 (16f) Cisco IOS 12.2 (17a)SXA Cisco IOS 12.2 (17)a Cisco IOS 12.2 (16)B Cisco IOS 12.2 (15.1)S Cisco IOS 12.2(17a) Cisco IOS 12.2 (15)ZO Cisco IOS 12.2 (17)ZD3 Cisco IOS 12.2 (18)EW Cmsmadesimple Cms made simple 1.0 Beta1 (not an official CPE) Cmsmadesimple Cms made simple 1.2 Beta3 (not an official CPE) Cmsmadesimple Cms made simple 1.2 Beta2 (not an official CPE) Cmsmadesimple Cms made simple 1.0 Beta3 (not an official CPE) Cmsmadesimple Cms made simple 1.0 Beta2 (not an official CPE) Cmsmadesimple Cms made simple 0.12 Beta1 (not an official CPE) Cmsmadesimple Cms made simple 0.12 Beta2 (not an official CPE) Cmsmadesimple Cms made simple 0.11 Beta6 (not an official CPE) Cmsmadesimple Cms made simple 1.3.1 (not an official CPE) Cmsmadesimple Cms made simple 1.1.4.1 (not an official CPE) Cmsmadesimple Cms made simple 1.5 Beta1 (not an official CPE) Cisco IOS 12.2 (16)BX Cmsmadesimple Cms made simple 1.0 Beta4 (not an official CPE) Cmsmadesimple Cms made simple 1.4 Beta1 (not an official CPE) Cmsmadesimple Cms made simple 1.0 Beta5 (not an official CPE) Cmsmadesimple Cms made simple 1.4 Beta2 (not an official CPE) Cmsmadesimple Cms made simple 1.0 Beta6 (not an official CPE) Cisco IOS 12.2 (16.1)B Cmsmadesimple Cms made simple 1.2 Beta1 (not an official CPE)