Описание
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application through crafted requests.
Ссылки
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:intland:codebeamer:10.0.0:-:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.0.0:prerelease4:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.0.0:sp1:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.0.0:sp2:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.0.1:sp1:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.1.0:-:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.1.0:sp1:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.1.0:sp2:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.1.0:sp3:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.1.0:sp4:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:21.04:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.0022
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application through crafted requests.
EPSS
Процентиль: 44%
0.0022
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352