CSRF in Vmware Vcloud_director

CVE-2014-1211

Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.003 (53.5th percentile) — read the EPSS interpretation.

Affected products

Vmware Vcloud_director — versions 5.1.0, 5.1.1, 5.1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

102198 (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
64993 (vdb-entry, x_refsource_BID)
1029645 (vdb-entry, x_refsource_SECTRACK)
vmware-vcloud-cve20141211-csrf(90560) (vdb-entry, x_refsource_XF)