CVE-2022-4130

Summary

A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.

Affected Software

VendorProductVersion RangeStatus
n/aSatellite ServerSatellite Server 6.9,6.10,6.11affected

Weaknesses

  • Blind Site-to-Site Request Forgery

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References