BMC Identity Management Suite v7.5.00.103 and possibly other versions are vulnerable to cross-site request forgery.
CWE-352: Cross-Site Request Forgery (CSRF):
It has been reported that BMC Identity Management Suite v7.5.00.103 and possibly other versions are vulnerable to cross-site request forgery in the user web interface.
An unauthenticated attacker could trick a victim into clicking on a malicious link that could change any passwords managed by the BMC Identity Management Suite if the victim has an active logged-in session on the web interface.
We are currently unaware of a practical solution to this problem.
Thanks to Travis Lee for reporting this vulnerability.
This document was written by Michael Orlando.
|Date First Published:|2012-06-11|
|Date Last Updated:|2012-06-11 17:22 UTC|