PT-2019-15554 · 3Xlogic · 3Xlogic Infinias Access Control
Published: 2019-11-14 · Updated: 2019-11-20 · CVE-2019-18651
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
3xLogic Infinias Access Control versions prior to 6.6.9586.0
Description
A cross-site request forgery issue allows remote attackers to execute malicious actions by sending a crafted HTML document or encoded URL to a user with an active privileged session, potentially leading to unauthorized actions such as deleting application users.
Recommendations
For versions prior to 6.6.9586.0, update to a version that includes the fix for this issue to prevent remote attackers from executing malicious actions. As a temporary workaround, consider restricting access to privileged sessions and validating user requests to minimize the risk of exploitation.
Exploit
Fix
CSRF
Affected Products
3Xlogic Infinias Access Control