A CSRF issue exists in Intland codeBeamer ALM 10.x up to and including 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and are therefore entirely predictable, allowing a malicious user to cause the victim's browser to execute undesired actions in the web application through crafted requests.
Vulnerable Product |
---|
intland codebeamer 10.1.0 |
intland codebeamer 10.0.0 |
intland codebeamer 10.0.1 |
intland codebeamer 21.04 |