Unrated severityNVD Advisory· Published Apr 24, 2013· Updated Apr 29, 2026
CVE-2013-1088
CVE-2013-1088
Description
Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
Affected products
17cpe:2.3:a:novell:imanager:2.7:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:novell:imanager:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7.3:ftf2:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7.3:ftf4:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7.3:sp3:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7:refresh6:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7:sp4:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7:sp4_patch1:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7:sp4_patch2:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7:sp4_patch3:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7:sp4_patch4:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7:sp5:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:*:sp6:*:*:*:*:*:*range: <=2.7
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.novell.com/support/kb/doc.phpnvdVendor Advisory
- bugzilla.novell.com/show_bug.cginvd
News mentions
0No linked articles in our index yet.