Cross-Site Request Forgery Vulnerability in VMware vCloud Director
CVE-2014-1211

Currently unrated

Key Information:

Vendor: Vmware
Status: Vcloud Director
Vendor: CVE Published:; 17 January 2014

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in VMware vCloud Director prior to version 5.1.3. This weakness allows a remote attacker to hijack the authentication of arbitrary users, potentially leading to unauthorized actions triggered by a logout request. By manipulating a logged-in user's session, an attacker could execute commands without the user's consent.

References

http://osvdb.org/102198

vdb-entryx_refsource_OSVDB

http://www.vmware.com/security/advisories/VMSA-2014-0001....

x_refsource_CONFIRM

http://www.securityfocus.com/bid/64993

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jan 17, 2014
Vulnerability Reserved
Jan 7, 2014