An issue exists in Aviatrix Controller prior to 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
aviatrix controller |
Vulmon