The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Pulse Secure VTM

computer vulnerability alert CVE-2016-8201

Brocade Virtual Traffic Manager: Cross Site Request Forgery via the traffic manager

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery via the traffic manager of Brocade Virtual Traffic Manager, in order to force the victim to perform operations.
Impacted products: Brocade vTM, Pulse Secure VTM.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: internet client.
Creation date: 10/01/2017.
Identifiers: BSA-2016-209, CVE-2016-8201, SA43681, VIGILANCE-VUL-21536.

Description of the vulnerability

The Brocade Virtual Traffic Manager product offers a web service.

However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery via the traffic manager of Brocade Virtual Traffic Manager, in order to force the victim to perform operations.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Pulse Secure VTM: