CVE-2016-6454 — Cross-Site Request Forgery in Cisco Hosted Collaboration Mediation Fulfillment

CWE-352 — Cross-Site Request Forgery4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 63.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Hosted Collaboration Mediation Fulfillment

Timeline

PublishedNov 3

Latest updateMay 17

Description

A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(0.98000.216).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDcisco/hosted_collaboration_mediation_fulfillment4 versions+3

🔴Vulnerability Details

GHSA

GHSA-4882-p655-4rfx: A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow↗2022-05-17

▶

CVEList

CVE-2016-6454: A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow↗2016-11-03

▶

📋Vendor Advisories

Cisco

Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability↗2016-10-26

▶