1 Reply Latest reply on Dec 26, 2018 10:51 AM by Patrick Van Der Hyde

    Cross-site request forgery (CSRF) a.k.a one-click attack vulnerability on version 2018.3

    Selva Nachimuthu

      Cross-site request forgery (CSRF) is a client-side attack that is also known as a one-click attack. It showed up in the IBM Security App Scanner as a Medium issue type.

      Below are the Vulnerable URLs as per the scan:

      /vizportal/api/web/v1/getExtractTasks 2
      /vizportal/api/web/v1/getServerInfo 1
      /vizportal/api/web/v1/getServerSettings 1

      Are there any mitigation techniques available?