ID

VAR-202009-0571


CVE

CVE-2020-15789


TITLE

Polarion Subversion Webclient Cross Site Request Forgery Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-010873

DESCRIPTION

A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application. Polarion Subversion Webclient contains a cross-site request forgery vulnerability. Information may be obtained and information may be tampered with. Polarion Subversion Webclient is an SVN client that enables Subversion users to use a web browser to process SVN repositories.

Trust: 2.16

sources: NVD: CVE-2020-15789 // JVNDB: JVNDB-2020-010873 // CNVD: CNVD-2020-51246

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-51246

AFFECTED PRODUCTS

vendor: siemens
model: polarion subversion webclient
scope: eq
version: *

Trust: 1.0

vendor: シーメンス
model: polarion subversion webclient
scope: eq
version: -

Trust: 0.8

vendor: siemens
model: polarion subversion webclient
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2020-51246 // JVNDB: JVNDB-2020-010873 // NVD: CVE-2020-15789

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-15789
value: HIGH

Trust: 1.0

NVD: CVE-2020-15789
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-51246
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202009-492
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-15789
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-51246
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-15789
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2020-15789
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-51246 // JVNDB: JVNDB-2020-010873 // CNNVD: CNNVD-202009-492 // NVD: CVE-2020-15789

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.0

problemtype: Cross-site request forgery (CWE-352) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-010873 // NVD: CVE-2020-15789

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-492

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202009-492

PATCH

title: SSA-436520
url: https://cert-portal.siemens.com/productcert/pdf/ssa-436520.pdf

Trust: 0.8

title: Patch for Siemens Polarion Subversion Webclient cross-site request forgery vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/233332

Trust: 0.6

title: Siemens Polarion Subversion Web CSRF Vulnerability fixes
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127913

Trust: 0.6

sources: CNVD: CNVD-2020-51246 // JVNDB: JVNDB-2020-010873 // CNNVD: CNNVD-202009-492

EXTERNAL IDS

db: NVD
id: CVE-2020-15789

Trust: 3.8

db: SIEMENS
id: SSA-436520

Trust: 2.2

db: ICS CERT
id: ICSA-20-252-08

Trust: 1.4

db: JVN
id: JVNVU94568336

Trust: 0.8

db: JVNDB
id: JVNDB-2020-010873

Trust: 0.8

db: CNVD
id: CNVD-2020-51246

Trust: 0.6

db: NSFOCUS
id: 50583

Trust: 0.6

db: AUSCERT
id: ESB-2020.3079

Trust: 0.6

db: CNNVD
id: CNNVD-202009-492

Trust: 0.6

sources: CNVD: CNVD-2020-51246 // JVNDB: JVNDB-2020-010873 // CNNVD: CNNVD-202009-492 // NVD: CVE-2020-15789

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-436520.pdf

Trust: 2.2

url: https://nvd.nist.gov/vuln/detail/cve-2020-15789

Trust: 1.4

url: https://us-cert.cisa.gov/ics/advisories/icsa-20-252-08

Trust: 1.4

url: https://jvn.jp/vu/jvnvu94568336/index.html

Trust: 0.8

url: http://www.nsfocus.net/vulndb/50583

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.3079/

Trust: 0.6

sources: CNVD: CNVD-2020-51246 // JVNDB: JVNDB-2020-010873 // CNNVD: CNNVD-202009-492 // NVD: CVE-2020-15789

SOURCES

db: CNVD
id: CNVD-2020-51246

db: JVNDB
id: JVNDB-2020-010873

db: CNNVD
id: CNNVD-202009-492

db: NVD
id: CVE-2020-15789

LAST UPDATE DATE

2024-11-23T21:14:19.071000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2020-51246
date: 2020-09-10T00:00:00

db: JVNDB
id: JVNDB-2020-010873
date: 2022-03-11T06:04:00

db: CNNVD
id: CNNVD-202009-492
date: 2020-11-17T00:00:00

db: NVD
id: CVE-2020-15789
date: 2024-11-21T05:06:11.047

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2020-51246
date: 2020-09-10T00:00:00

db: JVNDB
id: JVNDB-2020-010873
date: 2021-02-12T00:00:00

db: CNNVD
id: CNNVD-202009-492
date: 2020-09-08T00:00:00

db: NVD
id: CVE-2020-15789
date: 2020-09-09T19:15:20.337