Description of vulnerability:
The web interface allows users to perform certain actions via HTTP requests without performing validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
This vulnerability was addressed in software release 10.7.5. In versions prior to 10.7.5, following these best practices mitigates the risk of CSRF vulnerabilities in all browser-based applications:
- Log off immediately after using a Web application.
- Do not allow your browser to save usernames/passwords, and do not allow sites to “remember” your login.
- Do not use the same browser to access sensitive applications and to surf the Internet freely (tabbed browsing).