CVE-2016-5372

MEDIUM

Netapp Snap Creator Framework < 4.3.0 - CSRF

Title source: rule

Description

Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.

References (2)

[Vendor Advisory] https://kb.netapp.com/support/s/article/cve-2016-5372-cross-site-request-forgery-vulnerability-in-snap-creator-framework

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20160622-0001/

Scores

CVSS v3 6.3

EPSS 0.0009

EPSS Percentile 25.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Classification

CWE

CWE-352

Status published

Affected Products (2)

netapp/snap_creator_framework < 4.3.0

n/a/n/a

Timeline

Published Feb 07, 2017

Tracked Since Feb 18, 2026