CVE-2016-0891

Published on: 04/20/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:12 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of ViPR SRM from EMC contain the following vulnerability:

Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.

  • CVE-2016-0891 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.8 - HIGH

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2 Score: 6.8 - MEDIUM

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

CVE References

  • EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection
    Tags: Exploit, Third Party Advisory, VDB Entry
    Source: www.securify.nl
    Link: MISC www.securify.nl/advisory/SFY20141109/emc_m_r__watch4net__lacks_c%20ross_site_request_forgery_protection.html

  • EMC ViPR SRM Cross Site Request Forgery ≈ Packet Storm
    Tags: Exploit, Third Party Advisory, VDB Entry
    Source: packetstormsecurity.com
    Link: MISC packetstormsecurity.com/files/136837/EMC-ViPR-SRM-Cross-Site-Request-Forgery.html

  • Full Disclosure: EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection
    Tags: Third Party Advisory, VDB Entry
    Source: seclists.org
    Link: FULLDISC 20160427 EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection

  • EMC ViPR SRM - Cross-Site Request Forgery
    Tags: Exploit, Third Party Advisory, VDB Entry
    Source: www.exploit-db.com (Proof of Concept)
    Link: EXPLOIT-DB 39738

  • SecurityFocus
    Source: www.securityfocus.com
    Link: BUGTRAQ 20160427 EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection

  • Bugtraq: ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities
    Tags: Third Party Advisory, VDB Entry
    Source: seclists.org
    Link: BUGTRAQ 20160419 ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities

Known Affected Configurations (CPE V2.3)

Type: Application
Vendor: EMC
Product: ViPR SRM
Version: All
Update: All
Edition: All
Language: All
  • cpe:2.3:a:emc:vipr_srm:*:*:*:*:*:*:*:*: