CVE-2021-22500 — Cross-Site Request Forgery in Application Performance Management

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 69.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microfocus Application Performance Management

Timeline

PublishedFeb 6

Latest updateMay 24

Description

Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5microfocus/application_performance_management9.40, 9.50, 9.51

▶NVDmicrofocus/application_performance_management9.40, 9.50, 9.51+2

🔴Vulnerability Details

GHSA

GHSA-xxvc-26j5-3mg9: Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9↗2022-05-24

▶

CVEList

CVE-2021-22500: Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9↗2021-02-06

▶