CNNVD-202601-4785 Information
CNNVD ID
CNNVD-202601-4785
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
Flexense Sync Breeze Enterprise Server和Flexense Disk Pulse Enterprise都是Flexense公司的产品。Flexense Sync Breeze Enterprise Server是一个网络文件同步软件。Flexense Disk Pulse Enterprise是一个实时文件系统监控软件。 Flexense Sync Breeze Enterprise Server 10.4.18版本和Flexense Disk Pulse Enterprise 10.4.18版本存在跨站请求伪造漏洞,该漏洞源于缺少适当的跨站请求伪造令牌实现,可能导致经过身份验证的用户诱使其他用户执行非预期操作。
Description (English)
Flexense Sync Breeze Enterprise Server and Flexense Disk Pulse Enterprise are all Flexense products. Flexense Sync Breeze Enterprise Server is a web file sync software. Flexense Disk Pulse Enterprise is a real-time file system monitoring software. Flexense Sync Breeze Enterprise Server 10.4.18 and Flexense Disk Pulse Enterprise 10.4.18 have a false cross-site request loophole, which stems from the lack of appropriate cross-site requests for forged tokens, which may induce other users to perform unintended operations.
Hazard Level
High
Vulnerability Type
跨站请求伪造
Affected Vendor
Flexense
Published
2026-01-28
Last Modified
2026-02-24
References
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-products
Share on: