MEDIUM🇬🇧 English

CVE-2013-7057

CVSS 6.8v2.0pub. 2014-11-04upd. 2026-05-06

Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/.

oryginał EN
CVSS Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Axway Securetransport

    APP
    Axway
    ≤ 5.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-14277CRITICAL9.8ten sam produkt

Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to una...

CVE-2012-4991HIGH8.5ten sam produkt

Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authent...

CVE-2015-5606HIGH7.5ten sam vendor

Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service...

CVE-2019-6500HIGH7.5ten sam vendor

In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by ...

CVE-2012-6452MEDIUM5.0ten sam vendor

Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different respo...