Skip to main content

Snapcenter Server CVE-2017-15516

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2017-11-16 security-alert@netapp.com
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 16, 2017 - 22:29 cve.org
HIGH 8.8

DescriptionCVE.org

NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface.

AnalysisAI

NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. Affected products include: Netapp Snapcenter Server. Version information: through 2..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

CVE-2020-11023 MEDIUM POC
6.1 Apr 29

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untru

CVE-2018-8014 CRITICAL
9.8 May 16

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0

CVE-2015-7887 HIGH
8.1 Aug 07

NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. Rated high severity (CVSS 8.1

CVE-2016-1502 HIGH
7.3 Feb 07

NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and dele

CVE-2020-14800 MEDIUM
6.5 Oct 21

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated medium severi

CVE-2020-14775 MEDIUM
6.5 Oct 21

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 6.5), this vu

CVE-2020-14769 MEDIUM
6.5 Oct 21

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.

CVE-2020-14799 MEDIUM
4.9 Oct 21

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated medium severi

CVE-2020-14794 MEDIUM
4.9 Oct 21

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.

CVE-2020-14793 MEDIUM
4.9 Oct 21

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.

CVE-2020-14790 MEDIUM
4.9 Oct 21

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Rated medium severity (CVSS 4.9), thi

Share

CVE-2017-15516 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy