vendor:
Identity Management
by:
Unknown
8,8
CVSS
HIGH
Cross-Site Request Forgery
352
CWE
Product Name: Identity Management
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Unknown
Unknown
BMC IDM Change PW CSRF PoC
Identity Management is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible.
Mitigation:
Implement proper validation of HTTP requests.
