{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-11-07T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to hijack the authentication of arbitrary users for requests that modify (1) passwords, (2) accounts, or (3) permissions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01.000Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "fleetcommander-interface-csrf(79854)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79854"}, {"name": "VU#427547", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/427547"}, {"name": "56427", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/56427"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2012-4943", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to hijack the authentication of arbitrary users for requests that modify (1) passwords, (2) accounts, or (3) permissions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "fleetcommander-interface-csrf(79854)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79854"}, {"name": "VU#427547", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/427547"}, {"name": "56427", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56427"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:50:18.387Z"}, "title": "CVE Program Container", "references": [{"name": "fleetcommander-interface-csrf(79854)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79854"}, {"name": "VU#427547", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/427547"}, {"name": "56427", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/56427"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-4943", "datePublished": "2012-11-18T21:00:00.000Z", "dateReserved": "2012-09-17T00:00:00.000Z", "dateUpdated": "2024-08-06T20:50:18.387Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:agilefleet:fleetcommander:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FC0EB44-CDFB-48E4-B99A-EEB5C81912CC", "versionEndIncluding": "4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:agilefleet:fleetcommander_kiosk:*:*:*:*:*:*:*:*", "matchCriteriaId": "E90E2FAC-A08B-49B0-85F9-9766857F0B6E", "versionEndIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to hijack the authentication of arbitrary users for requests that modify (1) passwords, (2) accounts, or (3) permissions."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en Agile FleetCommander y Kiosk FleetCommander antes de v4.08 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios para peticiones de su elecci\u00f3n que modifican (1) las contrase\u00f1as, (2) las cuentas, o (3) permisos."}], "id": "CVE-2012-4943", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-11-18T21:55:01.010", "references": [{"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/427547"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/56427"}, {"source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79854"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/427547"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/56427"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79854"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}