Cross-Site Request Forgery (CSRF) Vulnerability in Selesta Visual Access Manager (VAM) 4.15.0 - 4.29

Cross-Site Request Forgery (CSRF) Vulnerability in Selesta Visual Access Manager (VAM) 4.15.0 - 4.29

CVE-2019-19987 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on.

Learn more about our User Device Pen Test.