CVE-2020-26516

Name of the Vulnerable Software and Affected Versions: Intland codeBeamer ALM versions 10.x through 10.1.SP4

Description: A CSRF issue allows attackers to cause a victim's browser to execute undesired actions in the web application through crafted requests. This is possible because requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted.

Recommendations: For Intland codeBeamer ALM versions 10.x through 10.1.SP4, consider implementing a CSRF token in requests sent to the server to prevent predictable and crafted requests from executing undesired actions. As a temporary workaround, restrict access to sensitive actions within the web application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.