Trusted Design

• 重大度: Unknown
• 公開日: 2015-05-30
• 更新日: 2024-08-06

概要

Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators.

このCVEに関連するMITRE ATT&CKテクニック

• T1557 - Adversary-in-the-Middle
• T1003.002 - Security Account Manager
• T1192 - Spearphishing Link
• T1587.001 - Malware
• T1484.002 - Trust Modification
• T1070.002 - Clear Linux or Mac System Logs
• T1218.004 - InstallUtil
• T1598.003 - Spearphishing Link
• T1583.005 - Botnet
• T1608.004 - Drive-by Target
• T1608.001 - Upload Malware
• T1558 - Steal or Forge Kerberos Tickets
• T1050 - New Service
• T1518.002 - Backup Software Discovery
• T1525 - Implant Internal Image
• T1145 - Private Keys
• T1155 - AppleScript
• T1598.004 - Spearphishing Voice
• T1177 - LSASS Driver
• T1546.008 - Accessibility Features
• T1550.003 - Pass the Ticket
• T1083 - File and Directory Discovery
• T1649 - Steal or Forge Authentication Certificates
• T1051 - Shared Webroot
• T1218.005 - Mshta
• T1606.001 - Web Cookies
• T1598.002 - Spearphishing Attachment
• T1556.008 - Network Provider DLL
• T1497.002 - User Activity Based Checks
• T1534 - Internal Spearphishing
• T1219.003 - Remote Access Hardware
• T1059.011 - Lua
• T1055.012 - Process Hollowing
• T1110.004 - Credential Stuffing
• T1187 - Forced Authentication
• T1486 - Data Encrypted for Impact
• T1203 - Exploitation for Client Execution
• T1499 - Endpoint Denial of Service
• T1493 - Transmitted Data Manipulation
• T1565.002 - Transmitted Data Manipulation
• T1223 - Compiled HTML File
• T1055.008 - Ptrace System Calls
• T1653 - Power Settings
• T1204.001 - Malicious Link

このCVEが関連しているPulses

• Blue Coat SSL Appliance contains multiple vulnerabilities

CVEの関係性グラフ

---

← CVE一覧に戻る