CVE-2015-3624

Name of the Vulnerable Software and Affected Versions Ektron Content Management System (CMS) versions prior to 9.10 SP1 (Build 9.1.0.184.1.120)

Description The issue is related to a cross-site request forgery (CSRF) vulnerability. This vulnerability allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action. The vulnerability is located in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx.

Recommendations For versions prior to 9.10 SP1 (Build 9.1.0.184.1.120), update to version 9.10 SP1 (Build 9.1.0.184.1.120) or later to resolve the issue. As a temporary workaround, consider restricting access to the MenuActions.aspx page to minimize the risk of exploitation.