{"api_version":"1","generated_at":"2026-06-01T09:19:49+00:00","cve":"CVE-2015-2805","urls":{"html":"https://cve.report/CVE-2015-2805","api":"https://cve.report/api/cve/CVE-2015-2805.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-2805","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-2805"},"summary":{"title":"CVE-2015-2805","description":"Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.","state":"PUBLISHED","assigner":"mitre","published_at":"2015-06-16 16:59:01","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-352","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://www.redteam-pentesting.de/advisories/rt-sa-2015-004","name":"https://www.redteam-pentesting.de/advisories/rt-sa-2015-004","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"RedTeam Pentesting GmbH - Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/37261/","name":"https://www.exploit-db.com/exploits/37261/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery - Hardware webapps Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1032544","name":"http://www.securitytracker.com/id/1032544","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Alcatel OmniSwitch Web Interface Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2015/Jun/23","name":"http://seclists.org/fulldisclosure/2015/Jun/23","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Full Disclosure: [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html","name":"http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Alcatel-Lucent OmniSwitch Web Interface Cross Site Request Forgery ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/535732/100/0/threaded","name":"http://www.securityfocus.com/archive/1/535732/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/75121","name":"http://www.securityfocus.com/bid/75121","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Multiple Alcatel-Lucent OmniSwitch Products CVE-2015-2805 Cross Site Request Forgery Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-2805","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2805","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"2805","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"alcatel-lucent","cpe5":"omniswitch_10k","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2805","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"alcatel-lucent","cpe5":"omniswitch_6250","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2805","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"alcatel-lucent","cpe5":"omniswitch_6400","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2805","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"alcatel-lucent","cpe5":"omniswitch_6450","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2805","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"alcatel-lucent","cpe5":"omniswitch_6850e","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2805","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"alcatel-lucent","cpe5":"omniswitch_6855","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2805","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"alcatel-lucent","cpe5":"omniswitch_6860","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2805","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"alcatel-lucent","cpe5":"omniswitch_6900","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2805","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"alcatel-lucent","cpe5":"omniswitch_9000e","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2805","vulnerable":"1","versionEndIncluding":"6.4.5.r02","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"alcatel-lucent","cpe5":"omniswitch_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2805","vulnerable":"1","versionEndIncluding":"6.4.6.r01","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"alcatel-lucent","cpe5":"omniswitch_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2805","vulnerable":"1","versionEndIncluding":"6.6.4.r01","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"alcatel-lucent","cpe5":"omniswitch_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2805","vulnerable":"1","versionEndIncluding":"6.6.5.r02","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"alcatel-lucent","cpe5":"omniswitch_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2805","vulnerable":"1","versionEndIncluding":"7.3.2.r01","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"alcatel-lucent","cpe5":"omniswitch_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2805","vulnerable":"1","versionEndIncluding":"7.3.3.r01","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"alcatel-lucent","cpe5":"omniswitch_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2805","vulnerable":"1","versionEndIncluding":"7.3.4.r01","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"alcatel-lucent","cpe5":"omniswitch_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2805","vulnerable":"1","versionEndIncluding":"8.1.1.r01","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"alcatel-lucent","cpe5":"omniswitch_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T05:24:38.893Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/535732/100/0/threaded"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"},{"name":"1032544","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1032544"},{"name":"20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://seclists.org/fulldisclosure/2015/Jun/23"},{"name":"75121","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/75121"},{"name":"37261","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/37261/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2015-06-10T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-09T18:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/535732/100/0/threaded"},{"tags":["x_refsource_MISC"],"url":"https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"},{"name":"1032544","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1032544"},{"name":"20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://seclists.org/fulldisclosure/2015/Jun/23"},{"name":"75121","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/75121"},{"name":"37261","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/37261/"},{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2015-2805","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/535732/100/0/threaded"},{"name":"https://www.redteam-pentesting.de/advisories/rt-sa-2015-004","refsource":"MISC","url":"https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"},{"name":"1032544","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1032544"},{"name":"20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2015/Jun/23"},{"name":"75121","refsource":"BID","url":"http://www.securityfocus.com/bid/75121"},{"name":"37261","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/37261/"},{"name":"http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2015-2805","datePublished":"2015-06-16T16:00:00.000Z","dateReserved":"2015-03-30T00:00:00.000Z","dateUpdated":"2024-08-06T05:24:38.893Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2015-06-16 16:59:01","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-352","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"6.4.5.r02","matchCriteriaId":"146D0494-CC3B-47E9-8798-631AA8015A73"},{"vulnerable":true,"criteria":"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"6.4.6.r01","matchCriteriaId":"8B629D98-2C6F-4937-A3B3-CD3FEE2B61FD"},{"vulnerable":true,"criteria":"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"6.6.4.r01","matchCriteriaId":"A8CE49B7-937F-4CEE-9A3D-1D94C6A0C0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"6.6.5.r02","matchCriteriaId":"AB4AC6CF-716C-4A40-B0BB-8C652565FD52"},{"vulnerable":true,"criteria":"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"7.3.2.r01","matchCriteriaId":"FB40E084-75AF-4851-A2DC-A9D6C175C1E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"7.3.3.r01","matchCriteriaId":"F70B59CA-426A-49A1-BD75-516FBC0A4935"},{"vulnerable":true,"criteria":"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"7.3.4.r01","matchCriteriaId":"C61B0959-BF8F-4645-9690-B5E7D43CD0D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"8.1.1.r01","matchCriteriaId":"6B01558D-907A-4746-A09C-5761A6EE5B8C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:alcatel-lucent:omniswitch_10k:*:*:*:*:*:*:*:*","matchCriteriaId":"F7C154AC-D64C-4CB0-99E6-1792B23237BE"},{"vulnerable":false,"criteria":"cpe:2.3:h:alcatel-lucent:omniswitch_6250:*:*:*:*:*:*:*:*","matchCriteriaId":"CC17F6AB-A4A7-4DCF-A38D-567A626BAC9D"},{"vulnerable":false,"criteria":"cpe:2.3:h:alcatel-lucent:omniswitch_6400:*:*:*:*:*:*:*:*","matchCriteriaId":"6E628D41-4AC8-4C60-8353-028588BAE9C0"},{"vulnerable":false,"criteria":"cpe:2.3:h:alcatel-lucent:omniswitch_6450:*:*:*:*:*:*:*:*","matchCriteriaId":"A4D9AB0D-317D-4147-B944-02922FC3E14A"},{"vulnerable":false,"criteria":"cpe:2.3:h:alcatel-lucent:omniswitch_6850e:*:*:*:*:*:*:*:*","matchCriteriaId":"2026FD8F-2734-4927-AE3D-F346B6A3F7DD"},{"vulnerable":false,"criteria":"cpe:2.3:h:alcatel-lucent:omniswitch_6855:*:*:*:*:*:*:*:*","matchCriteriaId":"9CA46E94-6195-4AD9-A6C1-97F309D57614"},{"vulnerable":false,"criteria":"cpe:2.3:h:alcatel-lucent:omniswitch_6860:*:*:*:*:*:*:*:*","matchCriteriaId":"E6558791-5C3C-451C-B8C9-498A27555248"},{"vulnerable":false,"criteria":"cpe:2.3:h:alcatel-lucent:omniswitch_6900:*:*:*:*:*:*:*:*","matchCriteriaId":"C314BC45-D037-4FD9-B893-A737358EA851"},{"vulnerable":false,"criteria":"cpe:2.3:h:alcatel-lucent:omniswitch_9000e:*:*:*:*:*:*:*:*","matchCriteriaId":"30CE6E3F-9C8A-4EC8-9DF5-DA618C4985C6"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"2805","Ordinal":"1","Title":"CVE-2015-2805","CVE":"CVE-2015-2805","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"2805","Ordinal":"1","NoteData":"Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.","Type":"Description","Title":"CVE-2015-2805"},{"CveYear":"2015","CveId":"2805","Ordinal":"2","NoteData":"2015-06-16","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"2805","Ordinal":"3","NoteData":"2018-10-09","Type":"Other","Title":"Modified"}]}}}