Wednesday, April 20, 2016

ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities

CVE Identifier: CVE-2016-0891

EMC Identifier: ESA-2016-039

Severity Rating: CVSS Base Score 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected products: 
EMC ViPR SRM versions prior to 3.7

Summary: 
EMC ViPR SRM contains fixes for Cross-Site Request Forgery vulnerabilities that may potentially be exploited by malicious users to compromise the affected system.

Details:
EMC ViPR SRM is affected by multiple cross-site request forgery vulnerabilities in certain administrative pages of the application. Attackers may potentially exploit these vulnerabilities to execute unauthorized requests on behalf of authenticated administrative users of the application.

Resolution:
The following EMC ViPR SRM release contains resolutions to these vulnerabilities:

EMC ViPR SRM version 3.7 or later

EMC recommends all customers upgrade at the earliest opportunity.

Link To Remedies: 
Registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/34247_ViPR-SRM.

Credits:
EMC would like to thank Han Sahin of Securify B.V. (han.sahin@securify.nl) for reporting these vulnerabilities.

EMC Product Security Response Center
security_alert@emc.com
