CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-1088

Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.0%

CVSS Severity

CVSS v2 Score 6.8

References

http://www.novell.com/support/kb/doc.php?id=7010166
https://bugzilla.novell.com/show_bug.cgi?id=726260
http://www.novell.com/support/kb/doc.php?id=7010166
https://bugzilla.novell.com/show_bug.cgi?id=726260

Products affected by CVE-2013-1088

Novell » Imanager » Version: 2.7

cpe:2.3:a:novell:imanager:2.7
Novell » Imanager » Version: 2.7.1

cpe:2.3:a:novell:imanager:2.7.1
Novell » Imanager » Version: 2.7.2

cpe:2.3:a:novell:imanager:2.7.2
Novell » Imanager » Version: 2.7.3

cpe:2.3:a:novell:imanager:2.7.3
Novell » Imanager » Version: 2.7.4

cpe:2.3:a:novell:imanager:2.7.4
Novell » Imanager » Version: 2.7.5

cpe:2.3:a:novell:imanager:2.7.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-1088

Products

Pricing

Contact Us