A new vulnerable product has been added to an old CSRF vulnerability.
[*] Searching cve-[['2015-5258']] vulnerability definitions within Kenna.VI+....
[ CVE Description ]
[*] CVE_ID : CVE-2015-5258
[_] Desc : Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.
[ Kenna.VM Summary ]
[*] Vuln Risk : 29.1449
[*] Easily_Exploit : False
[*] Malware_Exploit : False
[*] Popular_Target : False
[*] Active_Internet_Breach : False
[ Kenna.VI+ ]
[*] Successful_Exploitations : 0
[*] Velocity (D/W/M) : 0/0/0
[*] Daily_Trend : holding
[*] Pre_NVD : True [_FALSE_]
[*] RCE : True [_FALSE_]
[*] Predicted_Exploitable : 0 (4.3718% confidence)
[ Kenna.VI+ Details ]
[_] Created_at : 2016-05-25T23:17:59Z
[_] Published : 2017-08-22T18:29:00Z
[_] Last_Modified : 2021-06-09T16:20:00Z
[ Links / References ]
[*] Malware sample : 0
[_] Exploits/POC [0]:
[ --> ] None
[_] Fixes [1]:
[ --> ] external_id : 124732
[ --> ] url : https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177420.html
[ --> ] product : None
[ --> ] published_at : 2016-02-18T12:10:45Z
[_] Threat Actors [0]:
[ --> ] None
[ CVSS2 / CVSS3 Details ]
| Impact | | | CVSS_Access
================+=========+===+================+==============
Availability | Partial | | Complexity | Medium
Confidentiality | Partial | | Vector | Network
Integrity | Partial | | Authentication | None required
| CVSS_V2 | CVSS_V3
==============+=========+========
Base Score | 6.800 | 8.800
Exploit_Score | 8.600 | 2.800
Impact_Score | 6.400 | 5.900
Temporal | 5.000 | None
[*] CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C
[*] CVSS v3 vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
[ Others ]
[*] Vulnerable Products [2] :
[ --> ] cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
[ --> ] cpe:2.3:a:vmware:spring_social:*:*:*:*:*:*:*:*
[ CVE Malware Family Info : None ]
[ High_Profile_Vulnerability ]
[!!!] CVE-2015-5258 (29.1449) : []
** [5] threads completed [2 tasks] / [1.64 KB] within [2.00 sec].