1 Reply Latest reply on Dec 26, 2018 10:51 AM by Patrick Van Der Hyde

    Cross-site request forgery (CSRF) a.k.a one-click attack vulnerability on version 2018.3

    Selva Nachimuthu
    Selva Nachimuthu Nov 13, 2018 12:28 PM

      Cross-site request forgery (CSRF) is a client-side attack that is also known as a one-click attack, it showed up in the IBM Security App Scanner as a Medium issue type.

      Below are the Vulnerable URLs as per the scan:

      /vizportal/api/web/v1/getActionInfo

      /vizportal/api/web/v1/getEffectivePermissions

      /vizportal/api/web/v1/getExtractTasks 2

      /vizportal/api/web/v1/getServerInfo 1

      /vizportal/api/web/v1/getServerSettings 1

      /vizportal/api/web/v1/getSiteSettingsForServerAdmin

      /vizportal/api/web/v1/hasSiteLicensingConsumptionInfo

       

      Is there any mitigation techniques available?