Description
A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster.
References (5)
Core 5
Core References
Various Sources x_refsource_confirm
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43681
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95930
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/192371
Various Sources x_refsource_confirm
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114
Various Sources x_refsource_confirm
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005
Scores
CVSS v3
8.0
EPSS
0.0047
EPSS Percentile
37.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (2)
brocade/virtual_traffic_manager
< 11.0
n/a/Brocade Virtual Traffic Manager versions released prior to and including 11.0
Brocade Virtual Traffic Manager versions released prior to and including 11.0
Published
Jan 14, 2017
Tracked Since
Feb 18, 2026