CVE-2009-3022

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://jvn.jp/en/jp/JVN68640473/index.html", "name": "JVN#68640473", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "http://jvn.jp/en/jp/JVN68640473/index.html", "name": "JVN#68640473", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000058.html", "name": "JVNDB-2009-000058", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000058.html", "name": "JVNDB-2009-000058", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "http://osvdb.org/57425", "name": "57425", "tags": ["Broken Link"], "refsource": ""}, {"url": "http://osvdb.org/57425", "name": "57425", "tags": ["Broken Link"], "refsource": ""}, {"url": "http://secunia.com/advisories/36458", "name": "36458", "tags": ["Broken Link", "Vendor Advisory"], "refsource": ""}, {"url": "http://secunia.com/advisories/36458", "name": "36458", "tags": ["Broken Link", "Vendor Advisory"], "refsource": ""}, {"url": "http://www.bingo-cms.jp/security/jvn68640473.html", "name": "http://www.bingo-cms.jp/security/jvn68640473.html", "tags": ["Broken Link", "Vendor Advisory"], "refsource": ""}, {"url": "http://www.bingo-cms.jp/security/jvn68640473.html", "name": "http://www.bingo-cms.jp/security/jvn68640473.html", "tags": ["Broken Link", "Vendor Advisory"], "refsource": ""}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52838", "name": "bingocms-unspecified-csrf(52838)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52838", "name": "bingocms-unspecified-csrf(52838)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-352"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-3022", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2009-08-31T20:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:itd-inc:bingo\\!cms:*:-:core:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.2"}, {"cpe23Uri": "cpe:2.3:a:itd-inc:bingo\\!cms:*:-:commercial:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-01-21T17:15Z"}