Cross-Site Request Forgery Vulnerability in HPE Version Control Repository Manager
CVE-2016-8513

8HIGH

Key Information:

Vendor
HP
Status
Version Control Repository Manager (vcrm)
Vendor
CVE Published:
15 February 2018

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the HPE Version Control Repository Manager (VCRM) that allows an attacker to trick users into unknowingly executing actions on behalf of the attacker. This weakness is present in all versions prior to 7.6. By exploiting this vulnerability, malicious actors could perform potentially harmful operations without the user's consent, compromising the integrity and security of the affected systems. Users are strongly encouraged to upgrade to version 7.6 or later to mitigate this risk.

Affected Version(s)

Version Control Repository Manager (VCRM) All versions prior to 7.6

References

https://support.hpe.com/hpsc/doc/public/display?docId=emr...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037485
vdb-entryx_refsource_SECTRACK
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...
x_refsource_CONFIRM

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.