Description
In SapphireIMS 5.0, no CSRF token is present anywhere in the application. This can lead to CSRF vulnerabilities in critical application forms such as account reset.
CVSS 3.0 Base Score
7.3 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)
Researcher
Tanoy Bose
POC
Limited Disclosure
Vulnerability Tracker
Disclosure timelines
- 07 May, 2020 - Vendor informed; failed
- 16 Sept, 2020 - CERT/CC and CERT-In informed
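The missing control named in the description, shown as an added defensive example (not SapphireIMS code and not from the researcher): a session-bound CSRF token that a server checks on every state-changing request. The names `SERVER_KEY`, `issue_csrf_token`, `verify_csrf_token`, `handle_request` and the `csrf_token` form field are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets

# Assumption: a per-deployment secret held only on the server (generated here for the demo).
SERVER_KEY = secrets.token_bytes(32)
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
NONCE_RE = re.compile(r"[0-9a-f]{32}")


def _mac(session_id: str, nonce: str, key: bytes) -> str:
    # Bind the token to one session so a token from another session is useless.
    return hmac.new(key, f"{session_id}|{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Return 'nonce.mac'; embed it in a hidden field of every form served to this session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce, key)}"


def verify_csrf_token(session_id: str, token: str, key: bytes = SERVER_KEY) -> bool:
    """Accept only a well-formed token that was issued for this exact session."""
    nonce, sep, mac = (token or "").partition(".")
    if not sep or not NONCE_RE.fullmatch(nonce):
        return False
    expected = _mac(session_id, nonce, key)
    # Constant-time comparison on bytes (also tolerates non-ASCII input).
    return hmac.compare_digest(mac.encode(), expected.encode())


def handle_request(method: str, session_id: str, form: dict) -> int:
    """Hypothetical dispatcher: returns the HTTP status the server would send."""
    if method.upper() in STATE_CHANGING:
        if not verify_csrf_token(session_id, form.get("csrf_token", "")):
            return 403  # a cross-site form cannot read the token, so it is refused
    return 200


if __name__ == "__main__":
    sid = "constructed-session-id-1"  # constructed sample value
    token = issue_csrf_token(sid)
    print(handle_request("POST", sid, {"field": "v", "csrf_token": token}))  # form served by the app
    print(handle_request("POST", sid, {"field": "v"}))  # same request without a token
```

The session cookie alone authenticates both requests in the demo; only the token check separates the form the application served from one submitted by another site.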