CVE-2019-25064

Summary

A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component.

Affected Software

VendorProductVersion RangeStatus
CoreHRCore Portal27.0.0affected
CoreHRCore Portal27.0.1affected
CoreHRCore Portal27.0.2affected
CoreHRCore Portal27.0.3affected
CoreHRCore Portal27.0.4affected
CoreHRCore Portal27.0.5affected
CoreHRCore Portal27.0.6affected
CoreHRCore Portal27.0.7affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References