Description
Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action.
Exploits (1)
References (3)
Core 3
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/555668
Exploit x_refsource_misc
http://infosec42.blogspot.com/2012/09/jamf-casper-suite-mdm-csrf-vulnerability.html
Vendor Advisory x_refsource_confirm
http://jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.61_Release_Notes.pdf
Scores
EPSS
0.0165
EPSS Percentile
82.1%
Details
CWE
CWE-352
Status
published
Products (13)
jamf/casper_suite
7.0
jamf/casper_suite
7.1
jamf/casper_suite
7.2
jamf/casper_suite
7.3
jamf/casper_suite
8.0
jamf/casper_suite
8.1
jamf/casper_suite
8.2
jamf/casper_suite
8.3
jamf/casper_suite
8.4
jamf/casper_suite
8.5
... and 3 more
Published
Sep 28, 2012
Tracked Since
Feb 18, 2026