Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-49462

Summary
Assigner-Zoom
Assigner Org ID-99b9af0d-a833-4a5d-9e2f-8b1324f35351
Published At-10 Jul, 2025 | 16:24
Updated At-10 Jul, 2025 | 18:37
Rejected At-
Credits

Zoom Clients - Cross-site Scripting

Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Zoom
Assigner Org ID:99b9af0d-a833-4a5d-9e2f-8b1324f35351
Published At:10 Jul, 2025 | 16:24
Updated At:10 Jul, 2025 | 18:37
Rejected At:
▼CVE Numbering Authority (CNA)
Zoom Clients - Cross-site Scripting

Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.

Affected Products
Vendor
Zoom Communications, Inc.Zoom Communications Inc.
Product
Zoom Clients
Platforms
  • Windows
  • MacOS
  • Linux
  • iOS
  • Android
Default Status
unaffected
Versions
Affected
  • From 0 before 6.4.5 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.13.5LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://https://www.zoom.com/en/trust/security-bulletin/zsb-25025/
N/A
Hyperlink: https://https://www.zoom.com/en/trust/security-bulletin/zsb-25025/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@zoom.us
Published At:10 Jul, 2025 | 17:15
Updated At:05 Aug, 2025 | 14:00

Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.5LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CPE Matches
Zoom Communications, Inc.
zoom
>>zoom>>Versions before 6.4.5(exclusive)
cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*
Zoom Communications, Inc.
zoom
>>zoom>>Versions before 6.4.5(exclusive)
cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*
Zoom Communications, Inc.
zoom
>>zoom>>Versions before 6.4.5(exclusive)
cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*
Zoom Communications, Inc.
zoom
>>zoom>>Versions before 6.4.5(exclusive)
cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*
Zoom Communications, Inc.
zoom
>>zoom>>Versions before 6.4.5(exclusive)
cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
CWE-352Secondarysecurity@zoom.us
CWE ID: CWE-352
Type: Secondary
Source: security@zoom.us
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://https://www.zoom.com/en/trust/security-bulletin/zsb-25025/security@zoom.us
Broken Link
Hyperlink: https://https://www.zoom.com/en/trust/security-bulletin/zsb-25025/
Source: security@zoom.us
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2023-43588
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-3.5||LOW
EPSS-0.35% / 56.76%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 23:11
Updated-20 Sep, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructuremeetingszoomZoom Clients
CWE ID-CWE-449
The UI Performs the Wrong Action
CVE-2023-41946
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-3.5||LOW
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 12:09
Updated-26 Sep, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username.

Action-Not Available
Vendor-Jenkins
Product-frugal_testingJenkins Frugal Testing Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-30694
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.49%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-21 Apr, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1500_cpu_1507s6ag1314-6eh04-7ab0simatic_s7-1200_cpu_12_1214fcsimatic_s7-1500_cpu_cpu_1513pro-2simatic_s7-1500_cpu_1511csimatic_s7-1500_cpu_1511t-1_firmwaresimatic_s7-1500_cpu_1512sp-1simatic_s7-1200_cpu_12_1214c_firmwaresimatic_s7-1200_cpu_12_1211csimatic_s7-1500_cpu_1508s_f_firmware6es7317-2ek14-0ab0_firmwaresimatic_s7-1500_cpu_1510sp-1simatic_s7-1200_cpu_1212csimatic_s7-1500_cpu_1512spf-1simatic_drive_controller_cpu_1507d_tf_firmwaresimatic_s7-1500_cpu_1513-1sinumerik_one_firmwaresimatic_s7-1200_cpu_1212fc_firmwaresimatic_s7-1500_cpu_1517-3_pnsimatic_s7-1500_cpu_1515-2_pn_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dpsimatic_s7-1500_cpu_1513r-1simatic_s7-1200_cpu_1215_fcsimatic_s7-1500_cpu_1512c_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1517f-3_firmwaresimatic_s7-1500_cpu_1511-1_firmwaresimatic_s7-1500_cpu_1511-1_pnsimatic_s7-1500_cpu_1518f-4_pn\/dp_firmwaresimatic_s7-1200_cpu_12_1215csimatic_s7-1500_cpu_1518hf-46es7154-8fb01-0ab0_firmwaresimatic_s7-1500_cpu_1518-4_pn_firmwaresimatic_s7-1500_cpu_1518-4_dp_firmwaresimatic_s7-1500_cpu_1516tf-3_firmware6es7151-8fb01-0ab0_firmwaresimatic_s7-1500_cpu_1511f-1_pn_firmwaresimatic_s7-1500_cpu_1516-3_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dpsimatic_s7-1500_cpu_1517-3simatic_s7-1500_cpu_1518t-4_firmwaresimatic_s7-1500_cpu_1508s_fsimatic_s7-1500_cpu_15prof-2_firmwaresimatic_s7-1500_cpu_1513f-1_pn6es7154-8ab01-0ab06ag1151-8fb01-2ab0_firmware6ag1314-6eh04-7ab0_firmwaresimatic_s7-1200_cpu_1214c_firmwaresimatic_s7-1500_cpu_1517-3_pn_firmware6es7315-2eh14-0ab0simatic_s7-1500_cpu_1517-3_dpsimatic_s7-1500_cpu_cpu_1513pro-2_firmwaresimatic_s7-1200_cpu_12_1214csimatic_s7-1200_cpu_1211c_firmware6es7315-2fj14-0ab0_firmwaresimatic_s7-1200_cpu_1214c6ag1151-8ab01-7ab06es7317-2fk14-0ab0simatic_s7-1500_cpu_15prof-2simatic_s7-1500_cpu_1516tf-36es7317-2ek14-0ab0simatic_s7-1500_cpu_1516f-3_pn\/dp_firmwaresimatic_s7-1500_cpu_151511f-1_firmwaresimatic_s7-1500_cpu_1507s_f_firmwaresimatic_s7-1500_cpu_1516t-3_firmwaresimatic_s7-1500_cpu_1511t-1simatic_drive_controller_cpu_1504d_tf_firmwaresimatic_s7-1500_cpu_1517tf-3simatic_wincc_runtimesimatic_s7-1500_cpu_1515-2_pnsimatic_s7-1200_cpu_1214_fcsimatic_s7-1500_cpu_1515-2_firmwaresimatic_s7-1500_cpu_1516pro-2_firmware6ag1317-2fk14-2ab0_firmware6es7315-2eh14-0ab0_firmware6es7314-6eh04-0ab0_firmwaresimatic_s7-400_pn\/dp_v6_firmwaresimatic_s7-1500_cpu_1515-2simatic_pcssimatic_s7-1500_cpu_1516-3_pnsimatic_s7-1500_cpu_1516pro_f_firmwaresimatic_s7-1500_cpu_1516-3simatic_s7-1200_cpu_1214fcsimatic_s7-1500_cpu_1518f-4_pn\/dpsimatic_drive_controller_cpu_1504d_tfsimatic_s7-400_pn\/dp_v7_firmwaresimatic_drive_controller_cpu_1507d_tfsimatic_s7-1500_cpu_1508s_firmwaresimatic_s7-1500_cpu_1511f-1_firmwaresimatic_s7-1500_cpu_151511c-1simatic_s7-1500_cpu_1518tf-4_firmwaresimatic_s7-1200_cpu_12_1212fcsimatic_s7-1500_cpu_1511f-1_pnsimatic_s7-1500_cpu_1507s_fsimatic_s7-1500_cpu_1518simatic_s7-1500_cpu_1513-1_pn_firmwaresimatic_s7-1200_cpu_1215fcsimatic_s7-1500_cpu_1518f-46es7317-7tk10-0ab0simatic_s7-1500_cpu_1516pro_fsimatic_s7-1500_cpu_1513r-1_firmwaresimatic_s7-1500_cpu_1512c-1_firmware6es7318-3fl01-0ab0_firmwaresimatic_s7-1500_cpu_1513f-1_pn_firmware6es7318-3fl01-0ab06es7154-8ab01-0ab0_firmwaresimatic_s7-1500_cpu_1518_firmware6es7154-8fb01-0ab0simatic_s7-1500_cpu_1518-4_firmwaresimatic_s7-1500_cpu_1518tf-4simatic_s7-1200_cpu_1214_fc_firmwaresimatic_s7-1500_cpu_1516t-36es7315-7tj10-0ab0_firmwaresimatic_s7-1500_cpu_1510sp_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfpsinumerik_one6ag1315-2fj14-2ab0simatic_s7-400_pn\/dp_v6simatic_s7-1200_cpu_1215_fc_firmwaresimatic_s7-1500_cpu_15pro-2simatic_s7-1500_cpu_1515t-2simatic_s7-1200_cpu_12_1215fc_firmwaresimatic_s7-1500_cpu_1518-4_pn6es7315-2fj14-0ab0simatic_s7-1200_cpu_12_1212c_firmwaresimatic_s7-1500_cpu_1511-1_pn_firmwaresimatic_s7-1500_cpu_15pro-2_firmwaresimatic_s7-1200_cpu_12_1212fc_firmwaresimatic_s7-1500_cpu_1515tf-2_firmwaresimatic_s7-1500_cpu_151511c-1_firmwaresimatic_s7-1200_cpu_12_1217csimatic_s7-1500_cpu_1518-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1510spsimatic_s7-1200_cpu_12_1217c_firmware6es7317-2fk14-0ab0_firmwaresimatic_s7-1500_cpu_1518f-4_firmwaresimatic_s7-1200_cpu_1217csimatic_s7-1500_cpu_151511f-1simatic_s7-1500_cpu_1511-1simatic_s7-1500_cpu_1518-4_dpsimatic_s7-1200_cpu_1215c_firmwaresimatic_s7-1500_cpu_1513-1_pnsimatic_s7-1500_cpu_1515f-2_firmwaresimatic_s7-1200_cpu_1212c_firmwaresimatic_s7-1200_cpu_1217c_firmware6es7151-8ab01-0ab06ag1317-2ek14-7ab0simatic_s7-1200_cpu_1214fc_firmware6es7317-7ul10-0ab0_firmwaresimatic_s7-1500_cpu_cpu_1513prof-2_firmwaresimatic_s7-1200_cpu_1215c6es7315-7tj10-0ab0simatic_s7-1500_cpu_1515r-26es7151-8fb01-0ab0simatic_s7-1200_cpu_12_1215fc6es7318-3el01-0ab0_firmware6ag1315-2fj14-2ab0_firmwaresimatic_s7-1500_cpu_1513f-1simatic_s7-1500_cpu_1512c6es7154-8fx00-0ab0_firmwaresimatic_s7-1500_cpu_1511c-1simatic_s7-1500_cpu_1516f-3_pn\/dpsimatic_s7-1500_cpu_1517f-3simatic_s7-1500_cpu_1512spf-1_firmware6es7318-3el01-0ab0simatic_s7-1500_cpu_1517tf-3_firmwaresimatic_s7-1500_cpu_1516f-3_firmwaresimatic_s7-1500_cpu_1517-3_firmwaresimatic_s7-1200_cpu_12_1214fc_firmwaresimatic_s7-1500_software_controllersimatic_s7-1500_cpu_1511c-1_firmwaresimatic_s7-1500_cpu_1517-3_dp_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dp_firmware6es7154-8fx00-0ab0simatic_s7-1500_cpu_1518hf-4_firmwaresimatic_s7-1200_cpu_12_1212c6es7317-7ul10-0ab0simatic_s7-1500_cpu_1511f-1simatic_s7-1500_cpu_1515tf-2simatic_s7-1500_cpu_1511c_firmwaresimatic_s7-1500_cpu_1511tf-16ag1151-8ab01-7ab0_firmwaresimatic_s7-1500_cpu_1518-4simatic_s7-1500_cpu_1518-4_pn\/dpsimatic_s7-1500_cpu_1511tf-1_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dp_firmware6ag1315-2eh14-7ab0simatic_s7-1500_cpu_1516-3_dpsimatic_s7-1500_cpu_1508ssimatic_s7-1500_cpu_1510sp-1_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dpsimatic_pcs_firmwaresimatic_s7-1500_cpu_1515f-2_pn_firmwaresimatic_s7-1500_cpu_1515t-2_firmware6es7151-8ab01-0ab0_firmware6ag1315-2eh14-7ab0_firmwaresimatic_s7-1500_cpu_1516-3_dp_firmware6es7317-7tk10-0ab0_firmwaresimatic_s7-400_pn\/dp_v7simatic_s7-1500_cpu_1512c-1simatic_s7-1500_cpu_1512sp-1_firmware6ag1317-2fk14-2ab0simatic_s7-1500_cpu_1515f-2simatic_s7-1500_cpu_cpu_1513prof-2simatic_s7-1500_cpu_1515f-2_pnsimatic_s7-1200_cpu_12_1215c_firmwaresimatic_s7-1200_cpu_1211csimatic_s7-1500_cpu_1516f-3simatic_s7-1200_cpu_1215fc_firmwaresimatic_s7-1500_cpu_1516-3_pn_firmware6es7314-6eh04-0ab0simatic_s7-1200_cpu_12_1211c_firmwaresimatic_s7-plcsim_advancedsimatic_s7-1500_cpu_1513f-1_firmwaresimatic_s7-1200_cpu_1212fcsimatic_s7-1500_cpu_1516pro-2simatic_s7-1500_cpu_1515r-2_firmware6ag1151-8fb01-2ab0simatic_s7-1500_cpu_1507s_firmwaresimatic_s7-1500_cpu_1513-1_firmwaresimatic_s7-1500_cpu_1518t-46ag1317-2ek14-7ab0_firmwareSIMATIC S7-1500 CPU 1512C-1 PNSIMATIC PC StationSIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC S7-1500 CPU 1515-2 PNSIMATIC S7-1500 CPU 1511T-1 PNSIPLUS S7-1500 CPU 1518-4 PN/DPSIMATIC S7-300 CPU 315F-2 PN/DPSIPLUS S7-1500 CPU 1518F-4 PN/DPSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1515TF-2 PNSIMATIC S7-1500 CPU 1510SP-1 PNSIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU 1511TF-1 PNSIPLUS S7-1500 CPU 1515F-2 PNSIPLUS S7-1500 CPU 1517H-3 PNSINUMERIK ONESIMATIC S7-300 CPU 315-2 PN/DPSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSIMATIC S7-1500 CPU 1518HF-4 PNSIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIMATIC ET 200S IM151-8F PN/DP CPUSIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants)SIPLUS ET 200SP CPU 1512SP-1 PN RAILSIMATIC ET 200pro IM154-8 PN/DP CPUSIMATIC ET 200pro IM154-8F PN/DP CPUSIMATIC S7-300 CPU 319-3 PN/DPSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIPLUS ET 200SP CPU 1510SP-1 PN RAILSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIPLUS S7-300 CPU 317F-2 PN/DPSIMATIC S7-PLCSIM AdvancedSIMATIC S7-1500 CPU 1517-3 PN/DPSIMATIC S7-1500 CPU 1517H-3 PNSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIMATIC S7-1500 CPU 1515T-2 PNSIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSIMATIC S7-1500 CPU 1511C-1 PNSIMATIC S7-1500 CPU 1517TF-3 PN/DPSIMATIC S7-300 CPU 317F-2 PN/DPSIMATIC S7-1200 CPU family (incl. SIPLUS variants)SIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIMATIC S7-300 CPU 314C-2 PN/DPSIPLUS S7-1500 CPU 1511-1 PN TX RAILSIPLUS S7-1500 CPU 1513F-1 PNSIPLUS S7-300 CPU 315-2 PN/DPSIMATIC Drive Controller CPU 1507D TFSIPLUS S7-300 CPU 314C-2 PN/DPSIPLUS ET 200S IM151-8F PN/DP CPUSIMATIC Drive Controller CPU 1504D TFSIMATIC S7-1500 CPU 1513R-1 PNSIPLUS S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1512SP F-1 PNSIPLUS S7-300 CPU 315F-2 PN/DPSIPLUS S7-1500 CPU 1511F-1 PNSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIMATIC ET 200pro IM154-8FX PN/DP CPUSIMATIC S7-1500 Software Controller V2SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIPLUS ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 CPU 1515F-2 PNSIMATIC S7-300 CPU 315T-3 PN/DPSIMATIC S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 CPU 1513-1 PNSIPLUS ET 200SP CPU 1510SP F-1 PNSIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSIMATIC S7-1500 CPU 1518F-4 PN/DPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIPLUS ET 200SP CPU 1510SP-1 PNSIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-300 CPU 317-2 PN/DPSIMATIC S7-1500 CPU 1516T-3 PN/DPSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIMATIC WinCC Runtime AdvancedSIPLUS S7-1500 CPU 1515R-2 PN TX RAILSIMATIC S7-1500 CPU 1512SP-1 PNSIMATIC S7-300 CPU 319F-3 PN/DPSIPLUS S7-300 CPU 317-2 PN/DPSIMATIC S7-1500 CPU 1518T-4 PN/DPSIMATIC S7-1500 CPU 1511-1 PNSIMATIC S7-300 CPU 317T-3 PN/DPSIPLUS ET 200S IM151-8 PN/DP CPUSIMATIC S7-1500 CPU 1517T-3 PN/DPSIPLUS S7-1500 CPU 1518HF-4 PNSIPLUS S7-1500 CPU 1513-1 PNSIMATIC ET 200S IM151-8 PN/DP CPUSIPLUS S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1513F-1 PNSIMATIC S7-1500 CPU 1510SP F-1 PNSIPLUS S7-1500 CPU 1515F-2 PN RAILSIMATIC S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 CPU 1516F-3 PN/DPSIPLUS ET 200SP CPU 1512SP-1 PNSIPLUS S7-1500 CPU 1511-1 PN T1 RAILSIMATIC S7-300 CPU 317TF-3 PN/DPSIPLUS S7-1500 CPU 1511-1 PNSIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23847
Matching Score-4
Assigner-Black Duck Software, Inc.
ShareView Details
Matching Score-4
Assigner-Black Duck Software, Inc.
CVSS Score-3.5||LOW
EPSS-0.06% / 18.54%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 00:00
Updated-19 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-SynopsysJenkins
Product-synopsys_coveritySynopsys Jenkins Coverity Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
Details not found