{"containers": {"cna": {"affected": [{"product": "Core Portal", "vendor": "CoreHR", "versions": [{"status": "affected", "version": "27.0.0"}, {"status": "affected", "version": "27.0.1"}, {"status": "affected", "version": "27.0.2"}, {"status": "affected", "version": "27.0.3"}, {"status": "affected", "version": "27.0.4"}, {"status": "affected", "version": "27.0.5"}, {"status": "affected", "version": "27.0.6"}, {"status": "affected", "version": "27.0.7"}]}], "credits": [{"lang": "en", "value": "Alessandro Magnosi"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-09T13:10:24.000Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.146832"}], "title": "CoreHR Core Portal cross-site request forgery", "x_generator": "vuldb.com", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@vuldb.com", "ID": "CVE-2019-25064", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "CoreHR Core Portal cross-site request forgery"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Core Portal", "version": {"version_data": [{"version_value": "27.0.0"}, {"version_value": "27.0.1"}, {"version_value": "27.0.2"}, {"version_value": "27.0.3"}, {"version_value": "27.0.4"}, {"version_value": "27.0.5"}, {"version_value": "27.0.6"}, {"version_value": "27.0.7"}]}}]}, "vendor_name": "CoreHR"}]}}, "credit": "Alessandro Magnosi", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component."}]}, "generator": "vuldb.com", "impact": {"cvss": {"baseScore": "4.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352 Cross-Site Request Forgery"}]}]}, "references": {"reference_data": [{"name": "https://vuldb.com/?id.146832", "refsource": "MISC", "url": "https://vuldb.com/?id.146832"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:00:18.927Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vuldb.com/?id.146832"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-14T17:13:43.251464Z", "id": "CVE-2019-25064", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T14:31:38.145Z"}}]}, "cveMetadata": {"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2019-25064", "datePublished": "2022-06-09T13:10:24.000Z", "dateReserved": "2022-06-04T00:00:00.000Z", "dateUpdated": "2025-04-15T14:31:38.145Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.146832", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:00:18.927Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25064", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-14T17:13:43.251464Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T17:13:45.573Z"}}], "cna": {"title": "CoreHR Core Portal cross-site request forgery", "credits": [{"lang": "en", "value": "Alessandro Magnosi"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "CoreHR", "product": "Core Portal", "versions": [{"status": "affected", "version": "27.0.0"}, {"status": "affected", "version": "27.0.1"}, {"status": "affected", "version": "27.0.2"}, {"status": "affected", "version": "27.0.3"}, {"status": "affected", "version": "27.0.4"}, {"status": "affected", "version": "27.0.5"}, {"status": "affected", "version": "27.0.6"}, {"status": "affected", "version": "27.0.7"}]}], "references": [{"url": "https://vuldb.com/?id.146832", "tags": ["x_refsource_MISC"]}], "x_generator": "vuldb.com", "descriptions": [{"lang": "en", "value": "A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-06-09T13:10:24.000Z"}, "x_legacyV4Record": {"credit": "Alessandro Magnosi", "impact": {"cvss": {"version": "3.1", "baseScore": "4.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "27.0.0"}, {"version_value": "27.0.1"}, {"version_value": "27.0.2"}, {"version_value": "27.0.3"}, {"version_value": "27.0.4"}, {"version_value": "27.0.5"}, {"version_value": "27.0.6"}, {"version_value": "27.0.7"}]}, "product_name": "Core Portal"}]}, "vendor_name": "CoreHR"}]}}, "data_type": "CVE", "generator": "vuldb.com", "references": {"reference_data": [{"url": "https://vuldb.com/?id.146832", "name": "https://vuldb.com/?id.146832", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352 Cross-Site Request Forgery"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-25064", "STATE": "PUBLIC", "TITLE": "CoreHR Core Portal cross-site request forgery", "ASSIGNER": "cna@vuldb.com", "REQUESTER": "cna@vuldb.com"}}}}, "cveMetadata": {"cveId": "CVE-2019-25064", "state": "PUBLISHED", "dateUpdated": "2025-04-15T14:31:38.145Z", "dateReserved": "2022-06-04T00:00:00.000Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2022-06-09T13:10:24.000Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:theaccessgroup:corehr_core_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A49093E-B1C8-4A93-BEF4-CD5C880F1BF2", "versionEndIncluding": "27.0.7", "versionStartIncluding": "27.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en CoreHR Core Portal versiones hasta 27.0.7. Ha sido clasificada como problem\u00e1tica. La funci\u00f3n afectada es desconocida. La manipulaci\u00f3n conlleva a un ataque de tipo cross site request forgery. Es posible lanzar el ataque de forma remota. La actualizaci\u00f3n a versi\u00f3n 27.0.8 puede abordar este problema. Se recomienda actualizar el componente afectado"}], "id": "CVE-2019-25064", "lastModified": "2024-11-21T04:39:52.150", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-09T17:15:08.133", "references": [{"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.146832"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.146832"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}