CVE-2016-0891

HIGH

EMC ViPR SRM <3.7 - CSRF

Title source: llm

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Han Sahin · htmlwebappsmultiple

https://www.exploit-db.com/exploits/39738

View Code ZIP pw:eip

References (6)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/136837/EMC-ViPR-SRM-Cross-Site-Request-Forgery.html

[Third Party Advisory, VDB Entry] http://seclists.org/bugtraq/2016/Apr/106

[Third Party Advisory, VDB Entry] http://seclists.org/fulldisclosure/2016/Apr/89

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/39738/

[Exploit, Third Party Advisory, VDB Entry] https://www.securify.nl/advisory/SFY20141109/emc_m_r__watch4net__lacks_c%20ross_site_request_forgery_protection.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/538207/100/0/threaded

Scores

CVSS v3 8.8

EPSS 0.0309

EPSS Percentile 86.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-352

Status published

Products (1)

emc/vipr_srm < 3.6.4

Published Apr 20, 2016

Tracked Since Feb 18, 2026