CVE-2020-13416

Published: 22/05/2020 Updated: 26/05/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists in Aviatrix Controller prior to 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets.

Affected Products

Vendor: Aviatrix
Product: Controller
Versions: 2.5, 2.6, 2.7, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 4.0, 4.1.914, 4.1.946, 4.2.634, 4.2.740, 4.2.764, 4.3.1230, 4.3.1262, 4.3.1275, 4.6.587, 4.7.378, 4.7.419, 4.7.473, 4.7.494, 4.7.501, 4.7.581, 4.7.590, 5.0.2667, 5.0.2754, 5.0.2768, 5.0.2773, 5.0.2782, 5.1.842, 5.1.845, 5.1.935, 5.1.943, 5.1.962, 5.1.969, 5.1.973, 5.1.989, 5.1.1016, 5.1.1183, 5.2.1991, 5.2.2011, 5.2.2047, 5.2.2071, 5.2.2092, 5.2.2122, 5.3.1391, 5.3.1399, 5.3.1428, 5.3.1468, 5.3.1491, 5.3.1499, 5.3.1516, 5.3.1524