CVE-2020-26516

A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application through crafted requests.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:intland:codebeamer:10.0.0:-:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.0.0:prerelease4:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.0.0:sp1:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.0.0:sp2:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.0.1:sp1:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.1.0:-:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.1.0:sp1:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.1.0:sp2:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.1.0:sp3:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.1.0:sp4:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:21.04:*:*:*:*:*:*:*

History

21 Nov 2024, 05:19

Type Values Removed Values Added
References () https://intland.com/codebeamer/application-lifecycle-management/ - Vendor Advisory () https://intland.com/codebeamer/application-lifecycle-management/ - Vendor Advisory
References () https://www.compass-security.com/fileadmin/Research/Advisories/2021-08_CSNC-2020-009-codebeamer_ALM_Missing-CSRF.txt - Exploit, Third Party Advisory () https://www.compass-security.com/fileadmin/Research/Advisories/2021-08_CSNC-2020-009-codebeamer_ALM_Missing-CSRF.txt - Exploit, Third Party Advisory

18 Oct 2023, 19:04

Type Values Removed Values Added
First Time Intland codebeamer
CPE cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp1:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:-:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp3:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:-:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.1:sp1:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:sp2:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp4:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:sp1:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp2:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer_application_lifecycle_management:21.04:*:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:prerelease4:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.1.0:sp4:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.0.0:sp2:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.1.0:sp3:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.1.0:sp1:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.0.0:sp1:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.0.0:prerelease4:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.1.0:-:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:21.04:*:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.0.1:sp1:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.0.0:-:*:*:*:*:*:*
cpe:2.3:a:intland:codebeamer:10.1.0:sp2:*:*:*:*:*:*

Information

Published : 2021-06-08 13:15

Updated : 2024-11-21 05:19


NVD link : CVE-2020-26516

Mitre link : CVE-2020-26516

CVE.ORG link : CVE-2020-26516


JSON object : View

Products Affected

intland

  • codebeamer
CWE
CWE-352

Cross-Site Request Forgery (CSRF)