Cross-Site Request Forgery Vulnerability in VMware vCloud Director
CVE-2014-1211

Currently unrated

Key Information:

Vendor
Vmware
Vendor
CVE Published:
17 January 2014

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in VMware vCloud Director prior to version 5.1.3. This weakness allows a remote attacker to hijack the authentication of arbitrary users, potentially leading to unauthorized actions triggered by a logout request. By manipulating a logged-in user's session, an attacker could execute commands without the user's consent.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.