cvelistv5 - cve-2018-15334

CVE-2018-15334 (GCVE-0-2018-15334)

Vulnerability from cvelistv5

Published

2018-12-28 15:00

Modified

2024-08-05 09:54

Severity ?

CWE

CSRF

Summary

A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication.

References

URL

	Vendor	Product	Version
	F5 Networks, Inc.	BIG-IP (APM)	Version: All versions 11.2.1+

gsd-2018-15334

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication.

Aliases

CVE-2018-15334

Aliases

CVE-2018-15334

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-15334",
    "description": "A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication.",
    "id": "GSD-2018-15334"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-15334"
      ],
      "details": "A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication.",
      "id": "GSD-2018-15334",
      "modified": "2023-12-13T01:22:23.431277Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "f5sirt@f5.com",
        "ID": "CVE-2018-15334",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "BIG-IP (APM)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions 11.2.1+"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "F5 Networks, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CSRF"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.f5.com/csp/article/K74114570",
            "refsource": "CONFIRM",
            "url": "https://support.f5.com/csp/article/K74114570"
          },
          {
            "name": "106364",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106364"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.6.3",
                "versionStartIncluding": "11.5.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.0",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.1.1",
                "versionStartIncluding": "13.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.3",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "ID": "CVE-2018-15334"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K74114570",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.f5.com/csp/article/K74114570"
            },
            {
              "name": "106364",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/106364"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2019-01-04T13:06Z",
      "publishedDate": "2018-12-28T15:29Z"
    }
  }
}

A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication. F5 BIG-IP APM is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. The following versions of BIG-IP APM are vulnerable: 14.0.0 through 14.1.0 13.0.0 through 13.1.1 12.1.0 through 12.1.3 11.5.1 through 11.6.3. F5 BIG-IP Access Policy Manager (APM) is a set of access and security solutions from F5 Corporation of the United States. The solution provides unified access to business-critical applications and networks. APM webtop is one of the access portals

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0374",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.6.3"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.1"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.3"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip access policy manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "13.1.0.8"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "13.1.0.7"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "13.1.0.2"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "14.0.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "13.1.0.5"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "13.1.0.1"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "13.1.0.6"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "13.1.1"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "13.1.0.3"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "13.1.0.4"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012906"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1174"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15334"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:f5:big-ip_access_policy_manager",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012906"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "106364"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-15334",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-15334",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-125583",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-15334",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-15334",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-15334",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-1174",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-125583",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-125583"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012906"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1174"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15334"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication. F5 BIG-IP APM is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. \nAn attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. \nThe following versions of BIG-IP APM are vulnerable:\n14.0.0 through 14.1.0\n13.0.0 through 13.1.1\n12.1.0 through 12.1.3\n11.5.1 through 11.6.3. F5 BIG-IP Access Policy Manager (APM) is a set of access and security solutions from F5 Corporation of the United States. The solution provides unified access to business-critical applications and networks. APM webtop is one of the access portals",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-15334"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012906"
      },
      {
        "db": "BID",
        "id": "106364"
      },
      {
        "db": "VULHUB",
        "id": "VHN-125583"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-15334",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "106364",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012906",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1174",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-125583",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-125583"
      },
      {
        "db": "BID",
        "id": "106364"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012906"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1174"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15334"
      }
    ]
  },
  "id": "VAR-201812-0374",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-125583"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:51:53.870000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "K74114570",
        "trust": 0.8,
        "url": "https://support.f5.com/csp/article/K74114570"
      },
      {
        "title": "APM webtop Fixes for cross-site request forgery vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88207"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012906"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1174"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-125583"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012906"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15334"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.f5.com/csp/article/k74114570"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/106364"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15334"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15334"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-125583"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012906"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1174"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15334"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-125583"
      },
      {
        "db": "BID",
        "id": "106364"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012906"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1174"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15334"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-125583"
      },
      {
        "date": "2018-12-28T00:00:00",
        "db": "BID",
        "id": "106364"
      },
      {
        "date": "2019-02-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-012906"
      },
      {
        "date": "2018-12-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-1174"
      },
      {
        "date": "2018-12-28T15:29:00.437000",
        "db": "NVD",
        "id": "CVE-2018-15334"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-125583"
      },
      {
        "date": "2018-12-28T00:00:00",
        "db": "BID",
        "id": "106364"
      },
      {
        "date": "2019-02-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-012906"
      },
      {
        "date": "2019-01-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-1174"
      },
      {
        "date": "2024-11-21T03:50:35.363000",
        "db": "NVD",
        "id": "CVE-2018-15334"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1174"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "APM webtop Vulnerable to cross-site request forgery",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012906"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1174"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2018-15334

Vulnerability from fkie_nvd

Published

2018-12-28 15:29

Modified

2024-11-21 03:50

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Summary

A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication.

References

URL	Tags
f5sirt@f5.com	http://www.securityfocus.com/bid/106364	Third Party Advisory, VDB Entry
f5sirt@f5.com	https://support.f5.com/csp/article/K74114570	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106364	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K74114570	Vendor Advisory

Impacted products

Vendor	Product	Version
f5	big-ip_access_policy_manager	*
f5	big-ip_access_policy_manager	*
f5	big-ip_access_policy_manager	*
f5	big-ip_access_policy_manager	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41E6AF24-0676-4B70-A289-7B81321194DF",
              "versionEndIncluding": "11.6.3",
              "versionStartIncluding": "11.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BB42D3A-71EE-4367-9F65-86404D74E59D",
              "versionEndIncluding": "12.1.3",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1331467F-B278-485E-AD91-7D0643C2F3DB",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEBAD7C4-AC37-463F-B63C-6EAD5542F2A0",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad Cross-Site Request Forgery (CSRF) en APM webtop, en versiones 11.2.1 o posteriores, podr\u00eda permitir que un atacante fuerce una sesi\u00f3n de APM webtop a que cierre la sesi\u00f3n y requiera reautenticarse."
    }
  ],
  "id": "CVE-2018-15334",
  "lastModified": "2024-11-21T03:50:35.363",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-12-28T15:29:00.437",
  "references": [
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106364"
    },
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K74114570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106364"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K74114570"
    }
  ],
  "sourceIdentifier": "f5sirt@f5.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-f3m5-h3mx-mqf3

Vulnerability from github

Published

2022-05-14 01:43

Modified

2022-05-14 01:43

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Details

A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-15334"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-28T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication.",
  "id": "GHSA-f3m5-h3mx-mqf3",
  "modified": "2022-05-14T01:43:15Z",
  "published": "2022-05-14T01:43:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15334"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K74114570"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106364"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-15334 (GCVE-0-2018-15334)

Vulnerability from cvelistv5

gsd-2018-15334

Vulnerability from gsd

var-201812-0374

Vulnerability from variot

fkie_cve-2018-15334

Vulnerability from fkie_nvd

ghsa-f3m5-h3mx-mqf3

Vulnerability from github

Tags

Sightings

Nomenclature