CVE-2020-14989

An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended.

Published: Mar 11, 2021
Updated: Apr 13, 2023
CVE: CVE-2020-14989
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
bloomreach / experience_manager	14.1.0	14.2.2.x

https://tvrbk.github.io/cve/2021/03/09/brXM.html

Vulnerability Database

CVE-2020-14989