Cross-Site Request Forgery Vulnerability in Cisco Data Center Analytics Framework
CVE-2018-0146

5.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Data Center Analytics Framework
Vendor: CVE Published:; 22 February 2018

What is CVE-2018-0146?

A vulnerability in the Cisco Data Center Analytics Framework application may permit an unauthenticated remote attacker to exploit cross-site request forgery (CSRF). This issue arises from inadequate CSRF protection in the affected application. An attacker could trick a legitimate user into clicking a malicious link, which could result in the submission of unauthorized requests and actions on the user's behalf, putting sensitive operations at risk. Stay informed about security measures to mitigate such vulnerabilities.

Affected Version(s)

Cisco Data Center Analytics Framework Cisco Data Center Analytics Framework

References

http://www.securityfocus.com/bid/103122

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 22, 2018
Vulnerability Reserved
Nov 27, 2017