0 Results Found
              Back To Results
                Advisories

                Lastline Portal Cross-Site Request Forgery (CSRF)

                Dell SecureWorks Security Advisory SWRX-2015-002

                Advisory Information

                • Title: Lastline Portal Cross-Site Request Forgery (CSRF)
                • Advisory ID: SWRX-2015-002
                • Date published: Monday, June 8, 2015
                • CVE: CVE-2015-4125
                • CVSS v2 base score: 5.1
                • Date of last update: Monday, June 8, 2015
                • Vendors contacted: Lastline
                • Release mode: Coordinated
                • Discovered by: Dana James Traversie and Sean Wright, Dell SecureWorks

                Summary

                Lastline is a breach detection platform that provides administrative functionality and other features via a dedicated web application. There are multiple vulnerabilities in the Lastline Portal web application due to insufficient or missing CSRF defenses. An unauthenticated, remote attacker could conduct cross-site request forgery (CSRF) attacks by persuading a user to follow a malicious link or visit an attacker-controlled website.

                Download the PDF: SWRX-2015-002

                PGP Signature

                Related Content