- Description: A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator.
- Source: security@progress.com
- NVD status: Analyzed

CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 5.9
- Exploitability score: 1.6
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:progress:loadmaster:*:*:*:*:ltsf:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09E601FC-0D63-44B7-8726-DA512D075139",
            "versionEndExcluding": "7.2.54.9",
            "versionStartIncluding": "7.2.49.0"
          },
          {
            "criteria": "cpe:2.3:a:progress:loadmaster:*:*:*:*:ga:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F95CC892-C725-49BE-AC30-3AB2C1547517",
            "versionEndExcluding": "7.2.59.3",
            "versionStartIncluding": "7.2.55.0"
          },
          {
            "criteria": "cpe:2.3:a:progress:loadmaster:7.1.35.10:*:*:*:mt:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F615B26-D735-4A95-9D04-D434B61CFB38"
          },
          {
            "criteria": "cpe:2.3:a:progress:loadmaster:7.2.48.10:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DDDA906-6A2C-4662-B3EC-6406BC32370D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]