0 Results Found
            Back To Results
              Advisory

              Lastline Portal Cross-Site Request Forgery (CSRF)

              Dell SecureWorks Security Advisory SWRX-2015-002

              Advisory Information

              • Title: Lastline Portal Cross-Site Request Forgery (CSRF)
              • Advisory ID: SWRX-2015-002
              • Date published: Monday, June 8, 2015
              • CVE: CVE-2015-4125
              • CVSS v2 base score: 5.1
              • Date of last update: Monday, June 8, 2015
              • Vendors contacted: Lastline
              • Release mode: Coordinated
              • Discovered by: Dana James Traversie and Sean Wright, Dell SecureWorks

              Summary

              Lastline is a breach detection platform that provides administrative functionality and other features via a dedicated web application. There are multiple vulnerabilities in the Lastline Portal web application due to insufficient or missing CSRF defenses. An unauthenticated, remote attacker could conduct cross-site request forgery (CSRF) attacks by persuading a user to follow a malicious link or visit an attacker-controlled website.

              Download the PDF: SWRX-2015-002

              PGP Signature

              Related Content