CVE-2020-13416 – An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface …

Vuln ID: CVE-2020-13416

Published:  2020-05-22  21:15:12Z

Description: An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets.

Source: NVD.NIST.GOV

 

Tags