CVE-2010-0153

Multiple cross-site request forgery (CSRF) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change settings or (2) conduct denial of service attacks.

Published: Sep 14, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-0153
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
ibm / proventia_network_mail_security_system_virtual_appliance	-	-
ibm / proventia_network_mail_security_system_virtual_appliance_firmware	1.6	1.6.x
ibm / proventia_network_mail_security_system_virtual_appliance_firmware	2.5	2.5.x

http://www.securityfocus.com/archive/1/513627/100/0/threaded
http://www.ventuneac.net/security-advisories/MVSA-10-006

Vulnerability Database

290,301

CVE-2010-0153