First published: Thu Apr 09 2020
A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC.
Credit: secure@symantec.com
Affected Software | Affected Version | How to fix |
---|---|---|
Symantec Management Center | =2.2 | |
Symantec Management Center | =2.3 | |
Symantec Management Center | =2.4 | |
CVE-2019-18376 is a CSRF token disclosure vulnerability that allows a remote attacker to obtain CSRF tokens and perform CSRF attacks against Symantec Management Center.
CVE-2019-18376 lets a remote attacker who has access to an authenticated Management Center (MC) user's web browser history, or to a network device that intercepts or logs traffic to MC, obtain CSRF tokens and use them to perform CSRF attacks against MC.
CVE-2019-18376 has a severity rating of medium with a CVSS score of 5.9.
Symantec Management Center versions 2.2, 2.3, and 2.4 are affected by CVE-2019-18376.
To fix CVE-2019-18376, upgrade to a patched version of Symantec Management Center.