Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application through crafted requests.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Intland codeBeamer ALM 跨站请求伪造漏洞
Vulnerability Description
Intland Software codeBeamer ALM是德国Intland Software公司的一套应用程序生命周期管理平台。该平台支持应用程序生命周期管理、需求管理、风险管理和软件开发等功能。 Intland codeBeamer ALM 10中存在安全漏洞,该漏洞源于发送到服务器的触发操作的请求不包含CSRF令牌,因此可以完全预测到攻击者可利用该漏洞通过精心设计的请求导致受害者的浏览器在web应用程序中执行不希望的操作。
CVSS Information
N/A
Vulnerability Type
N/A