CVE-2013-1088

Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
novellimanager
𝑥
≤ 2.7
novellimanager
2.7
novellimanager
2.7:refresh6
novellimanager
2.7:sp4
novellimanager
2.7:sp4_patch1
novellimanager
2.7:sp4_patch2
novellimanager
2.7:sp4_patch3
novellimanager
2.7:sp4_patch4
novellimanager
2.7:sp5
novellimanager
2.7.1
novellimanager
2.7.2
novellimanager
2.7.3
novellimanager
2.7.3:ftf2
novellimanager
2.7.3:ftf4
novellimanager
2.7.3:sp3
novellimanager
2.7.4
novellimanager
2.7.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tomcat6
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
lucid
not-affected
hardy
dne
tomcat7
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://www.novell.com/support/kb/doc.php?id=7010166
https://bugzilla.novell.com/show_bug.cgi?id=726260
http://www.novell.com/support/kb/doc.php?id=7010166
https://bugzilla.novell.com/show_bug.cgi?id=726260