Lack of Anti-CSRF Protection on Business Central
Issue
There is no anti-CSRF token used by Business Central. This could allow attackers to capture a user’s session token and then replay it for attacks.
Environment
Red Hat JBoss BPM Suite 6.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
