ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities




CVE Identifier: CVE-2016-0891

EMC Identifier: ESA-2016-039

Severity Rating: CVSS Base Score 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected products: 
EMC ViPR SRM versions prior to 3.7

Summary: 
EMC ViPR SRM contains fixes for Cross-Site Request Forgery vulnerabilities that 
may potentially be exploited by malicious users to compromise the affected 
system.

Details:
EMC ViPR SRM is affected by multiple cross-site request forgery vulnerabilities 
in certain administrative pages of the application. Attackers may potentially 
exploit these vulnerabilities to execute unauthorized requests on behalf of 
authenticated administrative users of the application.

Resolution:
The following EMC ViPR SRM release contains resolutions to these 
vulnerabilities:

EMC ViPR SRM version 3.7 or later

EMC recommends all customers upgrade at the earliest opportunity.

Link To Remedies:       
Registered EMC Online Support customers can download patches and software from 
support.emc.com at: https://support.emc.com/downloads/34247_ViPR-SRM.

Credits:
EMC would like to thank Han Sahin of Securify B.V. (han.sahin@xxxxxxxxxxx) for 
reporting these vulnerabilities.

EMC Product Security Response Center
security_alert@xxxxxxx