PT-2020-15943 · Logrhythm · Logrhythm Platform Manager

Published: 2020-12-17 · Updated: 2020-12-21 · CVE-2020-25095

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: LogRhythm Platform Manager version 7.4.9

Description: The LogRhythm Platform Manager is vulnerable to Cross-site Request Forgery (CSRF) and Cross-site WebSocket Hijacking (CSWH). If a logged-in user visits a malicious site in the same browser session, that site can perform a CSRF attack to create a WebSocket from the victim client to the vulnerable server. Once the socket is created, the malicious site can interact with the vulnerable web server in the context of the logged-in user, potentially resulting in command execution.

Recommendations: For LogRhythm Platform Manager version 7.4.9, consider disabling WebSocket functionality until a patch is available to prevent potential command execution. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the same browser session for both the LogRhythm Platform Manager and other potentially malicious sites.
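The server-side control that closes the CSWH class described above is an Origin allowlist on the WebSocket handshake: a browser always sends the page's Origin on the upgrade request, so a handshake driven from a third-party page can be refused before the socket exists. The following is an added example written for this advisory, not LogRhythm's code; the allowlisted hostname is a constructed placeholder.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed placeholder: the origin(s) the web UI is legitimately served from.
ALLOWED_ORIGINS = {"https://lr-pm.example.internal"}


def normalize_origin(origin: str) -> Optional[str]:
    """Canonicalise an Origin header to scheme://host[:port], or None if invalid.

    'null' (sandboxed/opaque origins), non-http(s) schemes, and values that
    carry a path, query or fragment are all rejected: a serialized origin
    never contains them, so their presence indicates a forged or broken header.
    """
    parts = urlsplit(origin.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        return None
    try:
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    default_port = 443 if parts.scheme == "https" else 80
    port = port or default_port
    host = parts.hostname.lower()
    if port == default_port:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def websocket_handshake_allowed(headers: dict, allowed_origins=ALLOWED_ORIGINS) -> bool:
    """Decide whether a WebSocket upgrade request may proceed.

    Policy (strict): the request must be an upgrade to 'websocket' and must
    carry an Origin whose canonical form is in the allowlist. A missing Origin
    is treated as untrusted, so a cookie-bearing session can never be attached
    to a socket that a cross-site page opened.
    """
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("upgrade", "").lower() != "websocket":
        return False
    origin = h.get("origin")
    if origin is None:
        return False
    canonical = normalize_origin(origin)
    if canonical is None:
        return False
    allowed = {normalize_origin(o) for o in allowed_origins} - {None}
    # Exact match on the whole origin: a suffix or substring check would
    # accept attacker-controlled hosts such as lr-pm.example.internal.evil.example.
    return canonical in allowed
```

Compare canonical origins, never raw header strings: the same legitimate origin may arrive with differing case, a trailing slash, or an explicit default port.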

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2020-25095

Affected Products: Logrhythm Platform Manager