CVE-2016-2082
HIGHVMware vRealize Log Insight 2.x and 3.x < 3.3.2 - Cross-Site Request Forgery
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2016-0008.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036078
Scores
CVSS v3
8.8
EPSS
0.0008
EPSS Percentile
24.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (8)
vmware/vrealize_log_insight
2.0
vmware/vrealize_log_insight
2.0.5
vmware/vrealize_log_insight
2.5
vmware/vrealize_log_insight
2.5.1
vmware/vrealize_log_insight
3.0
vmware/vrealize_log_insight
3.0.1
vmware/vrealize_log_insight
3.3
vmware/vrealize_log_insight
3.3.1
Published
Jul 03, 2016
Tracked Since
Feb 18, 2026