3 matches found
CVE-2020-13416
An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery CSRF vulnerability for password resets...
CVE-2020-13416
An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery CSRF vulnerability for password resets...
CVE-2020-13416
The CVE-2020-13416 issue affects Aviatrix Controller prior to 5.4.1066. A CSRF vulnerability arises because a Controller Web Interface session token parameter is not required on an API call, enabling password resets via CSRF. Impact is password reset abuse; exploitation details are not provided b...