Novell iManager Cross-Site-Request Forgery Vulnerability
BID:59042
Info
| Bugtraq ID: | 59042 |
| Class: | Input Validation Error |
| CVE: | CVE-2013-1088 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 10 2013 12:00AM |
| Updated: | Apr 10 2013 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | Novell iManager 2.7.0 |
| Not Vulnerable: | Novell iManager 2.7 SP6 Patch 1 |
Discussion
Novell iManager is prone to a cross-site-request forgery vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
Novell iManager versions prior to 2.7 SP6 Patch 1 are vulnerable.
Exploit / POC
To exploit the issue, an attacker must entice an unsuspecting victim to follow a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- History of Issues Resolved for Novell iManager 2.7 (Novell)
- iManager Homepage (Novell)