PT-2021-15115 · Micro Focus · Micro Focus Application Automation Tools Plugin

Long Nguyen

·

Published

2021-04-08

·

Updated

2022-05-24

·

CVE-2021-22512

CVSS v3.1

4.3

Medium

Vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Micro Focus Application Automation Tools Plugin (a Jenkins plugin) versions 6.7 and earlier

Description

The plugin's form validation methods (the connection-test handlers invoked while filling in its configuration forms in Jenkins) do not perform permission checks. An authenticated, low-privileged attacker (PR:L in the vector above) can therefore make the Jenkins controller connect to an attacker-specified URL using an attacker-specified username and password. Because these form validation methods also accept GET requests instead of requiring POST, the same requests can be issued through Cross-Site Request Forgery (CSRF): a site visited by a logged-in Jenkins user can trigger the connection attempt on the attacker's behalf.

Recommendations

For versions 6.7 and earlier, update to version 6.8 or later: the affected form validation methods there require POST requests and Overall/Administer permission, which removes both the missing permission check and the CSRF vector. If updating is not immediately possible, restrict who can reach the affected configuration forms and their validation endpoints as a temporary workaround. After updating, keep Overall/Administer limited to the administrators who actually need it, since that permission is what now gates the connection-test methods.
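As an added illustration (not code from the Micro Focus plugin or from this advisory), the snippet below shows the two shapes the description and the recommendation refer to: a Jenkins form validation method with no permission check and no POST requirement, followed by the hardened form that requires POST and Overall/Administer as the 6.8 fix does. It assumes the standard Jenkins plugin API (hudson.util.FormValidation, jenkins.model.GlobalConfiguration, Stapler's @QueryParameter and @RequirePOST); the class names, the doTestConnection method name and the HTTP Basic connection test are hypothetical.

```java
package example;

import hudson.Extension;
import hudson.util.FormValidation;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/**
 * Added example, not the plugin's own source. Both nested classes expose a
 * Stapler-bound form validation method doTestConnection(); Jenkins maps it to
 * .../descriptorByName/<class name>/testConnection and the configuration page's
 * "Test connection" button calls it. Names are hypothetical.
 */
public class ConnectionTestExample {

    /** Shared sink: open url with HTTP Basic credentials supplied by the caller. */
    static FormValidation tryConnect(String url, String username, String password) {
        try {
            HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
            String token = Base64.getEncoder().encodeToString(
                    (username + ":" + password).getBytes(StandardCharsets.UTF_8));
            conn.setRequestProperty("Authorization", "Basic " + token);
            conn.setConnectTimeout(5_000);
            conn.setReadTimeout(5_000);
            int code = conn.getResponseCode();
            return code < 400 ? FormValidation.ok("Connected (HTTP " + code + ")")
                              : FormValidation.error("Server answered HTTP " + code);
        } catch (IOException | ClassCastException e) {
            return FormValidation.error("Connection failed: " + e.getMessage());
        }
    }

    /** Vulnerable shape: what the advisory describes for 6.7 and earlier. */
    public static class VulnerableConfig extends GlobalConfiguration {
        // No permission check and no @RequirePOST: any user who can reach the
        // Jenkins UI, and via CSRF any site such a user visits, can make the
        // controller connect to an attacker-chosen url with attacker-chosen
        // credentials using a plain GET request.
        public FormValidation doTestConnection(@QueryParameter String url,
                                               @QueryParameter String username,
                                               @QueryParameter String password) {
            return tryConnect(url, username, password);
        }
    }

    /** Hardened shape: requires POST and Overall/Administer, as the 6.8 fix does. */
    @Extension
    public static class HardenedConfig extends GlobalConfiguration {
        // @RequirePOST makes Stapler reject non-POST requests (HTTP 405), which
        // puts the endpoint under Jenkins's CSRF crumb protection; the explicit
        // checkPermission() call rejects callers without Overall/Administer with
        // an access-denied error before any connection is attempted.
        @RequirePOST
        public FormValidation doTestConnection(@QueryParameter String url,
                                               @QueryParameter String username,
                                               @QueryParameter String password) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            return tryConnect(url, username, password);
        }
    }
}
```

The order of the two guards in the hardened method matters: the permission check runs before any network activity, so an unauthorized caller never causes an outbound connection, and because the method now only answers POST, a cross-site request cannot carry the CSRF crumb Jenkins requires for POST. A practical post-upgrade check is to issue a plain GET to the plugin's connection-test URL as a non-admin user and confirm it is refused rather than answered.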

Fix

CSRF

Related Identifiers

CVE-2021-22512
GHSA-MWG2-3XPV-5V28

Affected Products

Micro Focus Application Automation Tools Plugin