Cross-Site Request Forgery Vulnerability in Cisco Prime Service Catalog
CVE-2018-0107
8.8HIGH
Summary
A security issue exists within the web framework of Cisco Prime Service Catalog, allowing an unauthenticated remote attacker to execute unintended actions on the affected system. This vulnerability arises from inadequate cross-site request forgery (CSRF) protection, where an attacker can manipulate a user into unintentionally triggering detrimental actions through a web application. As a result, this may lead to unauthorized changes or access to sensitive functionalities within the application.
Affected Version(s)
Cisco Prime Service Catalog Cisco Prime Service Catalog
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved