DescriptionCross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
Note from the SUSE Security TeamThe Open Enterprise Server update TID can be found here. No SUSE Bugzilla entries cross referenced. SUSE Security Advisories:
- TID7010166, published Sat Mar 3 09:46:04 UTC 2018