Vulnerability Description: Multiple Cross-Site request forgery pre authentication
Software Version: VAM: Visual Access Manager - 4.15.0 > 4.29
NIST: https://nvd.nist.gov/vuln/detail/CVE-2019-19987
CVSv3: 6.5
Severity: Medium
Credits: Alessandro Bosco, Luca Di Giuseppe, Mattia Campanelli, Valerio Preti, Stefano Scipioni, Massimiliano Brolli.
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which he is currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. This vulnerability has been found in several page. An attacker can exploit it in functionalities such as change password, add user, add privileges and so on.