CVE-2018-5329

Name of the Vulnerable Software and Affected Versions ZUUSE BEIMS ContractorWeb .NET version 5.18.0.0

Description The issue allows for Cross-Site Request Forgery (CSRF) attacks on authenticated pages, specifically those under the "/CWEBNET/*" endpoint. A successful attack can force a user to perform unintended actions, such as creating new users or changing email addresses. If the targeted account has administrative privileges, the entire web application can be compromised.

Recommendations For version 5.18.0.0, consider implementing CSRF token validation to prevent unauthorized requests, and restrict access to sensitive operations to minimize the risk of exploitation. As a temporary workaround, restrict access to the "/CWEBNET/*" endpoint for non-essential users until a patch is available.