CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2013-3583
Corporater EPM Suite contains a cross-site request forgery vulnerability in the saveProperties.html page. An attacker can construct a webpage and send it to a previously authenticated user to make an unauthorized change to that user's password.
We are currently unaware of a practical solution to this problem.
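With no fix available, requests to saveProperties.html that arrive from another site can at least be surfaced from web server logs. The following is an added example, not part of the original advisory or the vendor's code; it assumes combined-format access logs that record the Referer header, and the host name, the /app/ path prefix and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

APP_HOST = "epm.example.internal"  # assumption: host users reach the app on
TARGET = "/saveproperties.html"    # page named in the advisory, lower-cased

# Combined log format (assumed): ip ident user [ts] "request" status size "referer" "ua"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"')

def classify(line, app_host=APP_HOST):
    """Return (verdict, fields) for requests to the target page, else None."""
    m = LINE_RE.match(line)
    if not m or not urlsplit(m["url"]).path.lower().endswith(TARGET):
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        verdict = "no-referer"  # origin unknown; review manually
    else:
        # Exact host comparison: a prefix match would accept lookalike hosts.
        host = (urlsplit(referer).hostname or "").lower()
        verdict = "same-site" if host == app_host.lower() else "cross-site"
    return verdict, m.groupdict()

def suspicious(lines, app_host=APP_HOST):
    """List (verdict, timestamp, user, ip, referer) for non-same-site hits."""
    hits = []
    for line in lines:
        result = classify(line, app_host)
        if result and result[0] != "same-site":
            f = result[1]
            hits.append((result[0], f["ts"], f["user"], f["ip"], f["referer"]))
    return hits

# Constructed sample log lines (not from the advisory).
REQ = '"POST /app/saveProperties.html HTTP/1.1" 200 512'
SAMPLE_LOG = [
    f'10.0.0.5 - alice [12/Jun/2013:10:01:02 +0000] {REQ} "https://epm.example.internal/app/profile.html" "Mozilla/5.0"',
    f'10.0.0.7 - bob [12/Jun/2013:10:05:40 +0000] {REQ} "http://news.example.test/article.html" "Mozilla/5.0"',
    f'10.0.0.9 - carol [12/Jun/2013:10:09:13 +0000] {REQ} "-" "Mozilla/5.0"',
    '10.0.0.5 - alice [12/Jun/2013:10:11:00 +0000] "GET /app/dashboard.html HTTP/1.1" 200 2048 "http://news.example.test/" "Mozilla/5.0"',
    f'10.0.0.8 - dave [12/Jun/2013:10:15:27 +0000] {REQ} "http://epm.example.internal.lookalike.test/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious(SAMPLE_LOG):
        print(*hit, sep=" | ")
```

A missing Referer is reported separately because privacy settings and proxies strip the header from legitimate traffic as well.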
Thanks to Tudor Enache of Help AG Middle East for reporting this vulnerability.
This document was written by Adam Rauf.