First published: Thu Jan 17 2013
Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco WebEx Training Center | | |
CVE-2013-1109 is considered a medium severity vulnerability due to its potential impact on user authentication.
To fix CVE-2013-1109, ensure that you're using the latest version of Cisco WebEx Training Center, as updates may address this vulnerability.
CVE-2013-1109 allows attackers to perform cross-site request forgery attacks to delete tests on behalf of authenticated users.
Any user of Cisco WebEx Training Center who has been authenticated is at risk of CVE-2013-1109.
Currently, disabling CSRF protection is advised only as a temporary workaround until a patch can be applied for CVE-2013-1109.