Description
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted, allowing attackers to cause the victim's browser to execute undesired actions in the web application through crafted requests.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://intland.com/codebeamer/application-lifecycle-management/
Exploit, Third Party Advisory x_refsource_misc
https://www.compass-security.com/fileadmin/Research/Advisories/2021-08_CSNC-2020-009-codebeamer_ALM_Missing-CSRF.txt
Scores
CVSS v3
8.8
EPSS
0.0085
EPSS Percentile
53.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (4)
intland/codebeamer
10.0.0 (5 CPE variants)
intland/codebeamer
10.0.1 sp1
intland/codebeamer
10.1.0 (5 CPE variants)
intland/codebeamer
21.04
Published
Jun 08, 2021
Tracked Since
Feb 18, 2026