Vulnerability Details CVE-2018-1213
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://seclists.org/fulldisclosure/2018/Mar/50
- http://www.securityfocus.com/bid/103033
- https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities
- https://www.exploit-db.com/exploits/44039/
- http://seclists.org/fulldisclosure/2018/Mar/50
- http://www.securityfocus.com/bid/103033
- https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities
- https://www.exploit-db.com/exploits/44039/
Products affected by CVE-2018-1213
-
cpe:2.3:a:dell:emc_isilon_onefs:7.1.1.11
-
cpe:2.3:a:dell:emc_isilon_onefs:7.2.1.0
-
cpe:2.3:a:dell:emc_isilon_onefs:7.2.1.1
-
cpe:2.3:a:dell:emc_isilon_onefs:7.2.1.2
-
cpe:2.3:a:dell:emc_isilon_onefs:7.2.1.3
-
cpe:2.3:a:dell:emc_isilon_onefs:7.2.1.4
-
cpe:2.3:a:dell:emc_isilon_onefs:7.2.1.5
-
cpe:2.3:a:dell:emc_isilon_onefs:7.2.1.6
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.0.0
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.0.1
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.0.2
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.0.3
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.0.4
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.0.5
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.0.6
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.1.0
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.1.1
-
cpe:2.3:a:dell:emc_isilon_onefs:8.0.1.2
-
cpe:2.3:a:dell:emc_isilon_onefs:8.1.0.0
-
cpe:2.3:a:dell:emc_isilon_onefs:8.1.0.1
-
cpe:2.3:a:dell:emc_isilon_onefs:8.1.0.2