CVE-2019-17240 LOW

Vendor N/A
Product n/a
Published October 6, 2019
Last update August 5, 2024

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AC:H/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N

What the vulnerability does

01 Description

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.

Key dates

02 Disclosure timeline

October 6, 2019 CVE published
August 5, 2024 Record updated