CVE-2013-6443

Published: Jan 23, 2014Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.

Affected (3)

Products: Redhat: Cloudforms, Cloudforms 3.0 Management Engine

Redhat

2 products

Cloudforms

Cloudforms 3.0 Management Engine

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Cloudforms	Version 3.0
Redhat Cloudforms 3.0 Management Engine	Up to 5.2.1
Redhat Cloudforms 3.0 Management Engine	Version 5.2

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://rhn.redhat.com/errata/RHSA-2014-0025.html

Source: secalert@redhat.com

Vendor Advisory

http://www.securitytracker.com/id/1029606

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-0025.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1029606

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.