Advisory Information
- Title: Lastline Portal Cross-Site Request Forgery (CSRF)
- Advisory ID: SWRX-2015-002
- Date published: Monday, June 8, 2015
- CVE: CVE-2015-4125
- CVSS v2 base score: 5.1
- Date of last update: Monday, June 8, 2015
- Vendors contacted: Lastline
- Release mode: Coordinated
- Discovered by: Dana James Traversie and Sean Wright, Dell SecureWorks
Summary
Lastline is a breach detection platform that provides administrative functionality and other features via a dedicated web application. There are multiple vulnerabilities in the Lastline Portal web application due to insufficient or missing CSRF defenses. An unauthenticated, remote attacker could conduct cross-site request forgery (CSRF) attacks by persuading a user to follow a malicious link or visit an attacker-controlled website.
Download the PDF: SWRX-2015-002
