CVE-2016-0891

Опубликовано: 20 апр. 2016

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.

Ссылки

http://packetstormsecurity.com/files/136837/EMC-ViPR-SRM-Cross-Site-Request-Forgery.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/bugtraq/2016/Apr/106
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Apr/89
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/538207/100/0/threaded
https://www.exploit-db.com/exploits/39738/
Exploit
Third Party Advisory
VDB Entry
https://www.securify.nl/advisory/SFY20141109/emc_m_r__watch4net__lacks_c%20ross_site_request_forgery_protection.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/136837/EMC-ViPR-SRM-Cross-Site-Request-Forgery.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/bugtraq/2016/Apr/106
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Apr/89
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/538207/100/0/threaded
https://www.exploit-db.com/exploits/39738/
Exploit
Third Party Advisory
VDB Entry
https://www.securify.nl/advisory/SFY20141109/emc_m_r__watch4net__lacks_c%20ross_site_request_forgery_protection.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:emc:vipr_srm:*:*:*:*:*:*:*:*

Версия до 3.6.4 (включая)

EPSS

Процентиль: 86%

0.03087

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-hr3v-9w59-cq9c