Details of VAR-201509-0218

ID

VAR-201509-0218

CVE

CVE-2015-6468

TITLE

Resource Data Management Cross-Site Request Forgery Vulnerability

Trust: 0.8

sources: IVD: 72778bec-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06338

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Resource Data Management Data Manager before 2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. An attacker could exploit the vulnerability to perform unauthorized operations

Trust: 2.34

sources: NVD: CVE-2015-6468 // JVNDB: JVNDB-2015-004960 // CNVD: CNVD-2015-06338 // IVD: 72778bec-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 72778bec-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06338

AFFECTED PRODUCTS

vendor:	resource data management data manager	model:	manager	scope:	lte	version:	2.1	Trust: 1.0
vendor:	resource data management	model:	manager	scope:	lt	version:	2.2	Trust: 0.8
vendor:	resource	model:	data management resource data management	scope:	lt	version:	2.2	Trust: 0.6
vendor:	resource data management data manager	model:	manager	scope:	eq	version:	2.1	Trust: 0.6
vendor:	data manager	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 72778bec-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06338 // JVNDB: JVNDB-2015-004960 // CNNVD: CNNVD-201509-540 // NVD: CVE-2015-6468

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6468
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6468
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-06338
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201509-540
value:	MEDIUM
Trust: 0.6
IVD:	72778bec-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2015-6468
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-06338
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	72778bec-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 72778bec-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06338 // JVNDB: JVNDB-2015-004960 // CNNVD: CNNVD-201509-540 // NVD: CVE-2015-6468

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2015-004960 // NVD: CVE-2015-6468

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-540

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201509-540

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004960

PATCH

title:	Resource Data Management	url:	https://www.resourcedm.com/en-us/Support/Download-Software	Trust: 0.8
title:	Patch for Cross-Site Request Forgery Vulnerability in Resource Data Management	url:	https://www.cnvd.org.cn/patchInfo/show/64795	Trust: 0.6
title:	Resource Data Management Data Manager Fixes for cross-site request forgery vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57796	Trust: 0.6

sources: CNVD: CNVD-2015-06338 // JVNDB: JVNDB-2015-004960 // CNNVD: CNNVD-201509-540

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6468	Trust: 3.2
db:	ICS CERT	id:	ICSA-15-265-01	Trust: 3.0
db:	CNVD	id:	CNVD-2015-06338	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-540	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004960	Trust: 0.8
db:	IVD	id:	72778BEC-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 72778bec-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06338 // JVNDB: JVNDB-2015-004960 // CNNVD: CNNVD-201509-540 // NVD: CVE-2015-6468

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-265-01	Trust: 3.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6468	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6468	Trust: 0.8

sources: CNVD: CNVD-2015-06338 // JVNDB: JVNDB-2015-004960 // CNNVD: CNNVD-201509-540 // NVD: CVE-2015-6468

SOURCES

db:	IVD	id:	72778bec-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2015-06338
db:	JVNDB	id:	JVNDB-2015-004960
db:	CNNVD	id:	CNNVD-201509-540
db:	NVD	id:	CVE-2015-6468

LAST UPDATE DATE

2025-04-12T23:13:01.220000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-06338	date:	2015-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-004960	date:	2015-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201509-540	date:	2015-09-28T00:00:00
db:	NVD	id:	CVE-2015-6468	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	72778bec-2351-11e6-abef-000c29c66e3d	date:	2015-10-09T00:00:00
db:	CNVD	id:	CNVD-2015-06338	date:	2015-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-004960	date:	2015-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201509-540	date:	2015-09-28T00:00:00
db:	NVD	id:	CVE-2015-6468	date:	2015-09-26T01:59:13.203