CVE-2013-1088

EUVD-2013-1128
Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
novellimanager
𝑥
≤ 2.7
novellimanager
2.7
novellimanager
2.7:refresh6
novellimanager
2.7:sp4
novellimanager
2.7:sp4_patch1
novellimanager
2.7:sp4_patch2
novellimanager
2.7:sp4_patch3
novellimanager
2.7:sp4_patch4
novellimanager
2.7:sp5
novellimanager
2.7.1
novellimanager
2.7.2
novellimanager
2.7.3
novellimanager
2.7.3:ftf2
novellimanager
2.7.3:ftf4
novellimanager
2.7.3:sp3
novellimanager
2.7.4
novellimanager
2.7.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tomcat6
hardy
dne
lucid
not-affected
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
tomcat7
hardy
dne
lucid
dne
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
Common Weakness Enumeration
References
http://www.novell.com/support/kb/doc.php?id=7010166
https://bugzilla.novell.com/show_bug.cgi?id=726260
http://www.novell.com/support/kb/doc.php?id=7010166
https://bugzilla.novell.com/show_bug.cgi?id=726260