CVE-2021-41295 – ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated att …

Vuln ID: CVE-2021-41295

Published:  2021-09-30  11:15:07Z

Description: ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system.

Source: NVD.NIST.GOV