Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking (CSWH). If a logged-in PM user visits a malicious site in the same browser session, that site can perform a CSRF attack to create a WebSocket from the victim client to the vulnerable PM server. Once the socket is created, the malicious site can interact with the vulnerable web server in the context of the logged-in user. This can include WebSocket payloads that result in command execution.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LogRhythm Platform Manager (PM) 跨站请求伪造漏洞
Vulnerability Description
Logrhythm Platform Manager是美国Logrhythm公司的一个Logrhyth应用的组件。该组件负责集中管理告警、通知和案例和安全事件管理。支撑实时仪表板,SmartResponse操作和报告。 LogRhythm Platform Manager (PM) 7.4.9 存在跨站请求伪造漏洞,该漏洞源于Web界面容易受到跨站点WebSocket劫持(CSWH)的攻击。如果登录的PM用户访问了同一个浏览器会话中的恶意站点,该站点可以执行CSRF攻击,从受害客户端到易受攻击的PM服务器
CVSS Information
N/A
Vulnerability Type
N/A