Kaspersky : Security Vulnerabilities, CVEs, (CSRF)
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
Max CVSS
8.8
EPSS Score
3.13%
Published
2017-07-17
Updated
2019-10-03
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1.
Max CVSS
8.8
EPSS Score
0.09%
Published
2018-02-06
Updated
2018-03-01
2 vulnerabilities found