Sign-up

ID

VAR-201506-0249


CVE

CVE-2015-4189


TITLE

Cisco Data Center Analytics Framework Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2015-003244

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807. Vendors have confirmed this vulnerability Bug ID CSCun26807 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCun26807

Trust: 1.98

sources: NVD: CVE-2015-4189 // JVNDB: JVNDB-2015-003244 // BID: 75349 // VULHUB: VHN-82150

AFFECTED PRODUCTS

vendor:ciscomodel:data center analytics frameworkscope:eqversion:1.4.0

Trust: 2.4

vendor:ciscomodel:data center analytics frameworkscope:eqversion:1.4

Trust: 0.3

sources: BID: 75349 // JVNDB: JVNDB-2015-003244 // CNNVD: CNNVD-201506-403 // NVD: CVE-2015-4189

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4189
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4189
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201506-403
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82150
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4189
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82150
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82150 // JVNDB: JVNDB-2015-003244 // CNNVD: CNNVD-201506-403 // NVD: CVE-2015-4189

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-82150 // JVNDB: JVNDB-2015-003244 // NVD: CVE-2015-4189

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-403

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201506-403

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003244

PATCH
title:39377url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39377
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003244

EXTERNAL IDS
db:NVDid:CVE-2015-4189
Trust: 2.8
db:BIDid:75349
Trust: 1.4
db:JVNDBid:JVNDB-2015-003244
Trust: 0.8
db:CNNVDid:CNNVD-201506-403
Trust: 0.7
db:VULHUBid:VHN-82150
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82150 // 
            
            
            
            BID: 75349 // 
            
            
            
            JVNDB: JVNDB-2015-003244 // 
            
            
            
            CNNVD: CNNVD-201506-403 // 
            
            
            
            NVD: CVE-2015-4189

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39377
Trust: 2.0
url:http://www.securityfocus.com/bid/75349
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4189
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4189
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82150 // 
            
            
            
            BID: 75349 // 
            
            
            
            JVNDB: JVNDB-2015-003244 // 
            
            
            
            CNNVD: CNNVD-201506-403 // 
            
            
            
            NVD: CVE-2015-4189

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75349

SOURCES
db:VULHUBid:VHN-82150
db:BIDid:75349
db:JVNDBid:JVNDB-2015-003244
db:CNNVDid:CNNVD-201506-403
db:NVDid:CVE-2015-4189

LAST UPDATE DATE
2025-04-12T23:25:50.902000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82150date:2016-12-07T00:00:00
db:BIDid:75349date:2015-06-22T00:00:00
db:JVNDBid:JVNDB-2015-003244date:2015-06-24T00:00:00
db:CNNVDid:CNNVD-201506-403date:2015-06-24T00:00:00
db:NVDid:CVE-2015-4189date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-82150date:2015-06-23T00:00:00
db:BIDid:75349date:2015-06-22T00:00:00
db:JVNDBid:JVNDB-2015-003244date:2015-06-24T00:00:00
db:CNNVDid:CNNVD-201506-403date:2015-06-24T00:00:00
db:NVDid:CVE-2015-4189date:2015-06-23T14:59:00.087