2 matches found
CVE-2013-6443
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protectfromforgery mechanism and conduct cross-site request forgery CSRF attacks via a destructive action in a request...
CVE-2013-6443
CVE-2013-6443 affects CloudForms 3.0 Management Engine prior to 5.2.1.6, where a GET request for a destructive action could bypass Rails protect_from_forgery and enable CSRF exploitation. The issue arises in the CloudForms web application where CSRF protections could be bypassed, allowing unautho...