|10 October 2023
|Vulnerability type (CWE)
|Cross-Site Request Forgery (CWE-352)
During its own research, CERT Polska has found a CSRF (Cross-Site Request Forgery) vulnerability in SmodBIP software. This could allow a malicious actor to use a higher privileged users to execute unwanted actions under their current authentication when the user enters a specially crafted link.
The weakness has been assigned the number CVE-2023-4837. The product is currently in out-of-support state, which means that no fix should be expected. All versions of the software are believed to be vulnerable as the newest one was tested.
More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.