La Sostenibilità per TIM

Il Report 2024 accoglie i principi della Corporate Sustainability Reporting Directive (CSRD) ed è incluso nella Relazione Finanziaria e di Sostenibilità. Approfondisci

Ultimi Comunicati Stampa

Redazione ufficio stampa

Leggi gli ultimi comunicati stampa e naviga nell'archivio dell'Ufficio Stampa del Gruppo TIM. Leggi i comunicati

CVE-2019-19987

CVE-2019-19987 - Selesta Visual Access Manager

Vulnerability Description: Multiple Cross-Site request forgery pre authentication
Software Version: VAM: Visual Access Manager - 4.15.0 > 4.29
NISThttps://nvd.nist.gov/vuln/detail/CVE-2019-19987
CVSv36.5
Severity: Medium
Credits:
 Alessandro Bosco, Luca Di Giuseppe, Mattia Campanelli, Valerio Preti, Stefano Scipioni, Massimiliano Brolli.

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which he is currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. This vulnerability has been found in several page. An attacker can exploit it in functionalities such as change password, add user, add privileges and so on.