Vulnerability Note VU#867980
Silver Peak VX is vulnerable to cross-site request forgery and cross-site scripting
Silver Peak VX version 220.127.116.11_47968 is vulnerable to cross-site request forgery and cross-site scripting.
CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2014-2974
Silver Peak VX version 18.104.22.168_47968 contains a cross-site request forgery vulnerability in /php/user_account.php that allows an unauthenticated user to create a new administrator account.
An attacker can conduct a cross-site scripting or cross-site request forgery attack, which could be used for privilege escalation or to inject arbitrary HTML content (including script) into a web page presented to the user.
Apply an Update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Silver Peak||Affected||16 Apr 2014||23 Jul 2014|
CVSS Metrics (Learn More)
Thanks to William Costa for reporting this vulnerability.
This document was written by Chris King.
- CVE IDs: CVE-2014-2974 CVE-2014-2975
- Date Public: 28 Jul 2014
- Date First Published: 28 Jul 2014
- Date Last Updated: 28 Jul 2014
- Document Revision: 17
If you have feedback, comments, or additional information about this vulnerability, please send us email.