CVE-2013-6443

CWE-352 — Cross-Site Request Forgery (CSRF)5 documents5 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 73.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Cloudforms 3.0 Management Engine Redhat Cloudforms

Timeline

PublishedJan 23

Latest updateMay 17

Description

CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDredhat/cloudforms_3.0_management_engine5.2.1+1

▶NVDredhat/cloudforms3.0

🔴Vulnerability Details

GHSA

GHSA-vvp8-xf2f-vgc6: CloudForms 3↗2022-05-17

▶

CVEList

CVE-2013-6443: CloudForms 3↗2014-01-23

▶

📋Vendor Advisories

Red Hat

CFME: GET request CSRF vulnerability↗2014-01-14

▶

💬Community

Bugzilla

CVE-2013-6443 CFME: GET request CSRF vulnerability↗2013-12-17

▶