Cross-Site Request Forgery (CSRF) Vulnerability in WebFOCUS Business Intelligence 8.0 (SP6)

CVE-2020-14203 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with CVE-2016-9044.

Learn more about our User Device Pen Test.