Cross-Site Request Forgery in Novell iManager by Novell
CVE-2013-1088

Currently unrated

Key Information:

Vendor: Novell
Status: Imanager
Vendor: CVE Published:; 24 April 2013

What is CVE-2013-1088?

The Novell iManager 2.7 software suffers from a Cross-Site Request Forgery (CSRF) vulnerability that enables remote attackers to exploit improper request validation in the iManager code. This weakness allows an attacker to hijack the authentication of users by sending crafted requests while masquerading as the legitimate user through an Apache Tomcat container. To mitigate the risk, users are encouraged to apply the latest security patches and review their access configurations.

References

http://www.novell.com/support/kb/doc.php?id=7010166

x_refsource_CONFIRM

https://bugzilla.novell.com/show_bug.cgi?id=726260

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2013
Vulnerability Reserved
Jan 11, 2013