Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4498

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2011-4498
Last Modified 21 Nov 2011 12:00:00
Published 21 Nov 2011 06:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4498

Summary

Cross-site request forgery (CSRF) vulnerability in the web console in Zenprise Device Manager 6.x through 6.1.8 allows remote attackers to hijack the authentication of administrators for requests that wipe mobile devices.

Vulnerable Systems

Application

  • Zenprise Device Manager 6.0

  • Zenprise Device Manager 6.1.0

  • Zenprise Device Manager 6.1.5

  • Zenprise Device Manager 6.1.6

  • Zenprise Device Manager 6.1.8


References

CERT-VN - VU#584363

CONFIRM - http://www.zenpriseportal.com/patches/ZP_SecPatch_618_9995.zip


Last Updated: 27 May 2016 10:57:48