PT-2020-10306 · Selesta · Selesta Visual Access Manager

Published: 2020-02-26 · Updated: 2020-02-27 · CVE-2019-19987

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Selesta Visual Access Manager (VAM) versions 4.15.0 through 4.29

Description: The vulnerability allows Cross-Site Request Forgery (CSRF) on any HTML form, enabling an attacker to abuse functionalities such as changing passwords, adding users, adding privileges, and more.

Recommendations: For versions 4.15.0 through 4.29, implement CSRF protection mechanisms, such as token-based validation, to prevent exploitation of the vulnerable HTML forms. As a temporary workaround, restrict access to sensitive functionalities such as change password, add user, and add privilege until a proper fix is applied.
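Token-based validation as recommended above, shown as an added example (not Selesta's or the product's own code): a synchronizer token bound to the server-side session is embedded in the form as a hidden field and checked in constant time on submission, so a forged cross-site POST, which carries the victim's cookies but cannot read the token, is rejected. The session store and handler names are hypothetical and use only the Python standard library.

```python
import hmac
import secrets
from urllib.parse import parse_qs

# Hypothetical server-side session store: session id -> session data.
SESSIONS: dict[str, dict] = {}


def new_session() -> str:
    """Create a session and bind a fresh, unguessable CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def render_change_password_form(sid: str) -> str:
    """Embed the session's token as a hidden field. The legitimate page sends it
    back; a form served from another origin cannot read it and so cannot include it."""
    token = SESSIONS[sid]["csrf_token"]
    return (
        '<form method="post" action="/change_password">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input type="password" name="new_password">'
        "<button>Change</button></form>"
    )


def handle_change_password(sid: str, body: str) -> tuple[int, str]:
    """Apply the state change only if the submitted token matches the session's.
    `body` is the urlencoded POST body; returns (HTTP status, message)."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "no session"
    fields = parse_qs(body, keep_blank_values=True)
    submitted = fields.get("csrf_token", [""])[0]
    # Constant-time comparison so the check leaks nothing about the expected token.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403, "CSRF token missing or invalid"
    new_password = fields.get("new_password", [""])[0]
    if not new_password:
        return 400, "new_password required"
    session["password_changed"] = True
    return 200, "password changed"


def extract_token(form_html: str) -> str:
    """Mimic the victim's own browser reading the hidden field from the real page."""
    marker = 'name="csrf_token" value="'
    start = form_html.index(marker) + len(marker)
    return form_html[start:form_html.index('"', start)]
```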

Exploit · Fix · CSRF


Weakness Enumeration

Related Identifiers: CVE-2019-19987

Affected Products: Selesta Visual Access Manager