VIR Vulnerability Intelligence Relay

CVE-2013-1088

medium
Published 2013-04-24 · Modified 2026-04-29
CVSS v3
VIR risk
6.8

Description

Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact
VendorProductVersionsFixed
suse novellimanager{"endIncluding":"2.7"}
suse novellimanager2.7
suse novellimanager2.7.1
suse novellimanager2.7.2
suse novellimanager2.7.3
suse novellimanager2.7.4
suse novellimanager2.7.5

References

CWEs

CWE-352

💬 Discuss CVE-2013-1088 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.