[CVE-2020-25562] SapphireIMS: CSRF

Description

In SapphireIMS 5.0, there is no CSRF token present anywhere in the application. Every state-changing form is accepted on the strength of the browser's session cookie alone, so a page under the attacker's control can submit those forms in a logged-in victim's browser. This leads to CSRF vulnerabilities in critical application forms such as account reset.
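The following is an added example and not SapphireIMS code: it contrasts a form handler that trusts the session cookie alone (the pattern described above) with one protected by a session-bound synchronizer token plus an Origin/Referer check, and includes a small audit that lists the forms in an HTML page that carry no anti-CSRF hidden field. The endpoint name, session ids, origin and HTML are all constructed for illustration.

```python
"""Added example, not SapphireIMS code: a minimal synchronizer-token CSRF
defence and an audit that flags HTML forms without an anti-CSRF field.
Endpoint names, sessions, origins and HTML below are constructed."""
import hmac
import hashlib
import secrets
from html.parser import HTMLParser
from urllib.parse import urlparse

SERVER_SECRET = secrets.token_bytes(32)   # per-deployment secret (constructed)
SITE_ORIGIN = "https://ims.example.test"  # hypothetical application origin


def issue_csrf_token(session_id: str) -> str:
    """Per-session token = HMAC(secret, session_id). The server recomputes it
    on every request, so nothing extra is stored; a cross-site page cannot
    read it because the same-origin policy hides our response bodies."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def handle_reset_vulnerable(request: dict) -> str:
    """The advisory's pattern: a state-changing form accepted on the session
    cookie alone. Any page the victim visits can auto-submit it."""
    if not request["cookies"].get("session"):
        return "401 not logged in"
    return f"200 password reset for {request['form']['user']}"


def handle_reset_hardened(request: dict) -> str:
    """Same handler with two independent checks: the submitted token must
    equal the session-bound value, and Origin (or Referer) must name our own
    site. Each check alone stops a classic CSRF; together they survive a
    stripped header or a token that leaked through some other bug."""
    session_id = request["cookies"].get("session")
    if not session_id:
        return "401 not logged in"
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(expected, request["form"].get("csrf_token", "")):
        return "403 bad csrf token"
    origin = request["headers"].get("Origin") or request["headers"].get("Referer")
    if origin is None:
        return "403 missing origin"
    parsed = urlparse(origin)
    if f"{parsed.scheme}://{parsed.netloc}" != SITE_ORIGIN:
        return "403 cross-site origin"
    return f"200 password reset for {request['form']['user']}"


class _FormAudit(HTMLParser):
    """Records each <form> action and whether the form contains a hidden
    input whose name mentions 'csrf' or 'token'."""

    def __init__(self):
        super().__init__()
        self.forms = []        # list of (action, has_token)
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = [a.get("action") or "", False]
        elif tag == "input" and self._current is not None:
            name = (a.get("name") or "").lower()
            hidden = (a.get("type") or "").lower() == "hidden"
            if hidden and ("csrf" in name or "token" in name):
                self._current[1] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(tuple(self._current))
            self._current = None


def forms_without_csrf_token(html: str) -> list:
    """Return the action URLs of forms that carry no anti-CSRF hidden field."""
    p = _FormAudit()
    p.feed(html)
    p.close()
    return [action for action, has_token in p.forms if not has_token]


# Constructed page: one unprotected reset form, one form with a token field.
SAMPLE_HTML = """<html><body>
<form action="/account/reset" method="post">
  <input name="user"><input name="newpass" type="password">
  <button>Reset</button></form>
<form action="/profile" method="post">
  <input type="hidden" name="csrf_token" value="abc">
  <input name="display_name"></form>
</body></html>"""


def demo():
    """Forged cross-site POST vs. a legitimate same-origin POST."""
    sid = "victim-session-1"
    forged = {"cookies": {"session": sid},
              "headers": {"Origin": "https://attacker.example"},
              "form": {"user": "admin", "newpass": "pwned"}}
    legit = {"cookies": {"session": sid},
             "headers": {"Origin": SITE_ORIGIN},
             "form": {"user": "admin", "newpass": "s3cret",
                      "csrf_token": issue_csrf_token(sid)}}
    return (handle_reset_vulnerable(forged), handle_reset_hardened(forged),
            handle_reset_hardened(legit), forms_without_csrf_token(SAMPLE_HTML))
```

Running `demo()` shows the vulnerable handler accepting the forged request while the hardened one rejects it, and the audit naming `/account/reset` as the only form without a token. The audit is a quick way to confirm an advisory like this one against a saved copy of the application's pages before anything is submitted to a live system.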

CVSS 3.0 Base Score

7.3 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)

Researcher

Tanoy Bose

POC

Limited Disclosure

Vulnerability Tracker

Disclosure timelines

  • 07 May, 2020 - Vendor informed; failed
  • 16 Sept, 2020 - Cert-CC and Cert-In Informed
Namaste.
You can learn about me at my portfolio.
I follow my own Vulnerability Disclosure Policy.
Most of my work is listed here.