PT-2022-21367 · Unisys · Unisys Data Exchange Management Studio
Published
2022-09-13
·
Updated
2022-09-17
·
CVE-2022-32555
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Unisys Data Exchange Management Studio versions prior to 6.0.IC2
Unisys Data Exchange Management Studio versions 7.x prior to 7.0.IC1
Description
The issue is related to the absence of an Anti-CSRF token to authenticate POST requests, which could lead to a cross-site request forgery attack.
Recommendations
For versions prior to 6.0.IC2, update to version 6.0.IC2 or later.
For versions 7.x prior to 7.0.IC1, update to version 7.0.IC1 or later.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Unisys Data Exchange Management Studio