HP UCMDB Browser CVE-2018-6496 Cross Site Request Forgery Vulnerability

HP UCMDB Browser is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions. Other attacks are also possible.

Information

Bugtraq ID: 104483
Class: Input Validation Error
CVE: CVE-2018-6496

Remote: Yes
Local: No
Published: Jun 15 2018 12:00AM
Updated: Jun 15 2018 12:00AM
Credit: Mateusz Garncarek
Vulnerable: HP UCMDB Browser 4.15.1
HP UCMDB Browser 4.15
HP UCMDB Browser 4.14
HP UCMDB Browser 4.13
HP UCMDB Browser 4.12
HP UCMDB Browser 4.11
HP UCMDB Browser 4.10

Not Vulnerable:

Exploit

To exploit this issue an attacker must entice a user into visiting a malicious site.

References:

• HP HomePage (HP)
  
• MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF (HP)
  

Source: www.securityfocus.com