Vulnerability Details CVE-2020-26516
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and are therefore entirely predictable, allowing attackers to cause the victim's browser to execute undesired actions in the web application through crafted requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
Products affected by CVE-2020-26516
- cpe:2.3:a:intland:codebeamer:10.0.0
- cpe:2.3:a:intland:codebeamer:10.0.1
- cpe:2.3:a:intland:codebeamer:10.1.0
- cpe:2.3:a:intland:codebeamer:21.04