Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kiteworks MFT has a Cross-Site Request Forgery (CSRF) vulnerability
Vulnerability Description
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has been patched in version 9.1.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Kiteworks Mft 跨站请求伪造漏洞
Vulnerability Description
Kiteworks Mft是美国Kiteworks公司的一个安全管理内部和外部数据传输的软件。 Kiteworks Mft 9.1.0之前版本存在跨站请求伪造漏洞,该漏洞源于管理员可能被诱导访问特制页面,导致日志信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A