{"api_version":"1","generated_at":"2026-04-23T10:17:55+00:00","cve":"CVE-2015-0651","urls":{"html":"https://cve.report/CVE-2015-0651","api":"https://cve.report/api/cve/CVE-2015-0651.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-0651","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-0651"},"summary":{"title":"CVE-2015-0651","description":"Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753.","state":"PUBLIC","assigner":"psirt@cisco.com","published_at":"2015-02-27 02:59:00","updated_at":"2015-11-02 18:29:00"},"problem_types":["CWE-352"],"metrics":[],"references":[{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0651","name":"20150226 Cisco ACE 4710 Application Control Engine and Application Neworking Manager Cross-Site Request Forgery Vulnerability","refsource":"CISCO","tags":["Vendor Advisory"],"title":"Cisco ACE 4710 Application Control Engine and Application Networking Manager Cross-Site Request Forgery Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1031815","name":"1031815","refsource":"SECTRACK","tags":[],"title":"Cisco Application Control Engine 4710 Lets Remote Users Conduct Cross-Site Request Forgery Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/72796","name":"72796","refsource":"BID","tags":[],"title":"Cisco Application Networking Manager CVE-2015-0651 Cross Site Request Forgery Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-0651","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0651","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"651","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"application_networking_manager","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"651","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"application_networking_manager","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2015-0651","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20150226 Cisco ACE 4710 Application Control Engine and Application Neworking Manager Cross-Site Request Forgery Vulnerability","refsource":"CISCO","url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0651"},{"name":"1031815","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1031815"},{"name":"72796","refsource":"BID","url":"http://www.securityfocus.com/bid/72796"}]}},"nvd":{"publishedDate":"2015-02-27 02:59:00","lastModifiedDate":"2015-11-02 18:29:00","problem_types":["CWE-352"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:application_networking_manager:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"651","Ordinal":"77322","Title":"CVE-2015-0651","CVE":"CVE-2015-0651","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"651","Ordinal":"1","NoteData":"Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"651","Ordinal":"2","NoteData":"2015-02-26","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"651","Ordinal":"3","NoteData":"2015-03-05","Type":"Other","Title":"Modified"}]}}}