PT-2010-3024 · Suse · Suse Lifecycle Management Server+1

Published: 2010-09-03 · Updated: 2017-08-17 · CVE-2010-1325

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SUSE Lifecycle Management Server (SLMS) version 1.0 on SUSE Linux Enterprise (SLE) 11

Description

A cross-site request forgery (CSRF) issue exists due to improper parameter quoting, allowing remote attackers to hijack the authentication of victims.

Recommendations

For SUSE Lifecycle Management Server (SLMS) version 1.0 on SUSE Linux Enterprise (SLE) 11, consider implementing proper quoting of parameters to prevent CSRF attacks. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of exploitation.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2010-1325

Affected Products

Suse Lifecycle Management Server
Suse Linux Enterprise