Sparx Systems Pro Cloud Server Cross-Site Request Forgery Vulnerability Allowing Session Hijacking

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability in Sparx Systems Pro Cloud Server versions prior to 6.0.165 allows attackers to hijack user sessions. This vulnerability is present throughout the entire application and can be exploited to change the Pro Cloud Server Configuration password.

Impact

Exploitation of this vulnerability could lead to session hijacking, allowing an attacker to impersonate a user and potentially gain unauthorized access to sensitive information or functions within the application.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 6.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.