Zenprise Device Manager Cross Site Request Forgery Vulnerability
BID:50724
Info
Zenprise Device Manager Cross Site Request Forgery Vulnerability
| Bugtraq ID: | 50724 |
| Class: | Design Error |
| CVE: |
CVE-2011-4498 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 18 2011 12:00AM |
| Updated: | Nov 22 2011 06:25PM |
| Credit: | Laurent Oudot of TEHTRI-Security |
| Vulnerable: |
Zenprise Zenprise Device Manager 0 |
| Not Vulnerable: | |
Discussion
Zenprise Device Manager Cross Site Request Forgery Vulnerability
Zenprise Device Manager is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
Zenprise Device Manager is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
Exploit / POC
Zenprise Device Manager Cross Site Request Forgery Vulnerability
To exploit this issue, an attacker must entice an unsuspecting victim to open a malicious URI.
To exploit this issue, an attacker must entice an unsuspecting victim to open a malicious URI.
Solution / Fix
Zenprise Device Manager Cross Site Request Forgery Vulnerability
Solution:
Updates are available. Please see the reference for more details.
Solution:
Updates are available. Please see the reference for more details.
References
Zenprise Device Manager Cross Site Request Forgery Vulnerability
References:
References:
- Zenprise Device Manager Cross Site Request Forgery Vulnerability (Zenprise)
- Zenprise Device Manager CSRF vulnerability (Laurent Oudot of TEHTRI-Security)