CVE-2013-1088

Novell iManager < 2.7 SP6 Patch 1 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.novell.com/support/kb/doc.php?id=7010166
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=726260

Scores

EPSS 0.0026
EPSS Percentile 49.8%

Details

CWE
CWE-352
Status published
Products (7)
novell/imanager 2.7 (8 CPE variants)
novell/imanager 2.7.1
novell/imanager 2.7.2
novell/imanager 2.7.3 (4 CPE variants)
novell/imanager 2.7.4
novell/imanager 2.7.5
novell/imanager < 2.7
Published Apr 24, 2013
Tracked Since Feb 18, 2026