Vulnerability Details CVE-2016-0891
Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://packetstormsecurity.com/files/136837/EMC-ViPR-SRM-Cross-Site-Request-Forgery.html
- http://seclists.org/bugtraq/2016/Apr/106
- http://seclists.org/fulldisclosure/2016/Apr/89
- http://www.securityfocus.com/archive/1/538207/100/0/threaded
- https://www.exploit-db.com/exploits/39738/
- https://www.securify.nl/advisory/SFY20141109/emc_m_r__watch4net__lacks_c%20ross_site_request_forgery_protection.html
- http://packetstormsecurity.com/files/136837/EMC-ViPR-SRM-Cross-Site-Request-Forgery.html
- http://seclists.org/bugtraq/2016/Apr/106
- http://seclists.org/fulldisclosure/2016/Apr/89
- http://www.securityfocus.com/archive/1/538207/100/0/threaded
- https://www.exploit-db.com/exploits/39738/
- https://www.securify.nl/advisory/SFY20141109/emc_m_r__watch4net__lacks_c%20ross_site_request_forgery_protection.html