CVE-2015-4274

Medium CVSS 6.8

Overview

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936.

CWE: CWE-352 Published: 2015-07-16T19:59:01.007

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.8 (MEDIUM)
Detected tags: csrf (tag impact: MODERATE)

Recommended actions:

CSRF tokens, SameSite=Strict for cookies, validate Origin/Referer.

Overview

Recommended tools

Tags