Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-1213Cross-Site Request Forgery in Dell EMC Isilon Onefs

CWE-352Cross-Site Request Forgery5 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.4%
top 42.15%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Dell EMC Isilon OnefsDell EMC Isilon Onefs
Timeline
PublishedMar 26
Latest updateMay 14

Description

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDdell/emc_isilon_onefs7.2.1.07.2.1.6+5
CVEListV5dell_emc/isilon_onefsversions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, version 7.1.1.11 and 8.1.0.2

🔴Vulnerability Details

2
GHSA
GHSA-m3vj-jgw6-mmqv: Dell EMC Isilon OneFS versions between 82022-05-14
CVEList
CVE-2018-1213: Dell EMC Isilon OneFS versions between 82018-03-26

💥Exploits & PoCs

2
Exploit-DB
MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting2019-01-28
Exploit-DB
Dell EMC Isilon OneFS - Multiple Vulnerabilities2018-02-14
CVE-2018-1213 — Cross-Site Request Forgery in Dell | cvebase