CVE-2019-1874

Name of the Vulnerable Software and Affected Versions Cisco Prime Service Catalog (affected versions not specified)

Description The issue is related to a lack of protection against cross-site request forgery (CSRF) attacks in the web-based management interface. An attacker could exploit this by persuading a user to follow a malicious link, potentially allowing the attacker to perform arbitrary actions on the affected system with the privilege level of the affected user.

Recommendations For all affected versions, consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, avoid using links from untrusted sources to minimize the risk of exploitation. Restrict user privileges to minimize the impact of a potential attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.