CVE-2014-1211

2014-01-1721:55:19

CWE-352

mitre

web.nvd.nist.gov

cve

2014

1211

cross-site request forgery

csrf

vulnerability

vmware

vcloud director

authentication

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

55.9%

JSON

Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.

Affected configurations

Nvd

Node

vmwarevcloud_directorMatch5.1.0

vmwarevcloud_directorMatch5.1.1

vmwarevcloud_directorMatch5.1.2

VendorProductVersionCPE
vmwarevcloud_director5.1.0cpe:2.3:a:vmware:vcloud_director:5.1.0:*:*:*:*:*:*:*
vmwarevcloud_director5.1.1cpe:2.3:a:vmware:vcloud_director:5.1.1:*:*:*:*:*:*:*
vmwarevcloud_director5.1.2cpe:2.3:a:vmware:vcloud_director:5.1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	vcloud_director	5.1.0	cpe:2.3:a:vmware:vcloud_director:5.1.0:::::::*
vmware	vcloud_director	5.1.1	cpe:2.3:a:vmware:vcloud_director:5.1.1:::::::*
vmware	vcloud_director	5.1.2	cpe:2.3:a:vmware:vcloud_director:5.1.2:::::::*