CVE-2016-1607

moderate-risk

Published 2016-08-01

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.

Do I need to act?

0.97% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

40161

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.2/10 High

NETWORK / LOW complexity

Affected Products (2)

Filr

Affected Vendors

Novell

References (10)

http://seclists.org/bugtraq/2016/Jul/119

http://www.securityfocus.com/bid/92113

https://download.novell.com/Download?buildid=3V-3ArYN85I~

https://www.exploit-db.com/exploits/40161/

https://www.novell.com/support/kb/doc.php?id=7017786

http://seclists.org/bugtraq/2016/Jul/119

http://www.securityfocus.com/bid/92113

https://download.novell.com/Download?buildid=3V-3ArYN85I~

https://www.exploit-db.com/exploits/40161/

https://www.novell.com/support/kb/doc.php?id=7017786

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 10/34 · Low

Exposure 7/34 · Low