CVE-2018-7216

Name of the Vulnerable Software and Affected Versions Bravo Tejari Procurement Portal (affected versions not specified)

Description A cross-site request forgery (CSRF) issue exists due to the lack of anti-CSRF tokens, allowing remote authenticated users to hijack the authentication of application users for requests that modify their personal data. This can be achieved by leveraging the esop/toolkit/profile/regData.do endpoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.