A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application through crafted requests.
References
Link | Resource |
---|---|
https://intland.com/codebeamer/application-lifecycle-management/ | Vendor Advisory |
https://www.compass-security.com/fileadmin/Research/Advisories/2021-08_CSNC-2020-009-codebeamer_ALM_Missing-CSRF.txt | Exploit Third Party Advisory |
https://intland.com/codebeamer/application-lifecycle-management/ | Vendor Advisory |
https://www.compass-security.com/fileadmin/Research/Advisories/2021-08_CSNC-2020-009-codebeamer_ALM_Missing-CSRF.txt | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://intland.com/codebeamer/application-lifecycle-management/ - Vendor Advisory | |
References | () https://www.compass-security.com/fileadmin/Research/Advisories/2021-08_CSNC-2020-009-codebeamer_ALM_Missing-CSRF.txt - Exploit, Third Party Advisory |
18 Oct 2023, 19:04
Type | Values Removed | Values Added |
---|---|---|
First Time |
Intland codebeamer
|
|
CPE | cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:-:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp3:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:-:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.1:sp1:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:sp2:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp4:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:sp1:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp2:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer_application_lifecycle_management:21.04:*:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:rc1:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:prerelease4:*:*:*:*:*:* |
cpe:2.3:a:intland:codebeamer:10.1.0:sp4:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer:10.0.0:sp2:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer:10.1.0:sp3:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer:10.1.0:sp1:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer:10.0.0:sp1:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer:10.0.0:prerelease4:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer:10.1.0:-:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer:21.04:*:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer:10.0.1:sp1:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer:10.0.0:rc1:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer:10.0.0:-:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer:10.1.0:sp2:*:*:*:*:*:* |
Information
Published : 2021-06-08 13:15
Updated : 2024-11-21 05:19
NVD link : CVE-2020-26516
Mitre link : CVE-2020-26516
CVE.ORG link : CVE-2020-26516
JSON object : View
Products Affected
intland
- codebeamer
CWE
CWE-352
Cross-Site Request Forgery (CSRF)