Cross-Site Request Forgery in Apache CXF Fediz Client Registration Service
CVE-2017-7662
8.8HIGH
Summary
The Apache CXF Fediz Client Registration Service is prone to a Cross-Site Request Forgery (CSRF) vulnerability. This flaw enables attackers to perform unauthorized actions such as creating new clients or resetting secrets while an admin user's session is still active. This vulnerability exists in versions of Apache CXF Fediz prior to 1.4.0 and 1.3.2, which can lead to significant security breaches if exploited.
Affected Version(s)
Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved