<img height="1" width="1" style="display:none" src="https://q.quora.com/_/ad/af578c3a18584b71b3aeccbd2f2165fd/pixel?tag=ViewContent&amp;noscript=1">
landing-page_header_software_01.jpg

Security Advisory CVE-2018-10231 & 10232

CVE-2018-10231: Reflected/Persistent Cross-Site Scripting vulnerability in TOPdesk 
CVE-2018-10232: Cross-Site Request Forgery vulnerability in TOPdesk


Affected Products

TOPdesk 8.05.016 and before

TOPdesk 5.7.SR8 and before

Unaffected Products

TOPdesk 8.05.017 (June 2018 version)

TOPdesk 5.7.SR9

Summary

TOPdesk requires a security update to address potential vulnerabilities.

Details

A Reflected/Persistent Cross-Site Scripting (XSS) vulnerability and a Cross-Site Request Forgery (CSRF) vulnerability have been identified in TOPdesk 8.05.016, and TOPdesk 5.7.SR8 and before (CVE-2018-10231, CVE-2018-10232).

These vulnerabilities could potentially be used to execute malicious client-side script in the same context as legitimate content from the web server; if these vulnerabilities are used to execute script in the browser of an authenticated user then the script may be able to gain access to the users’ session or other potentially sensitive information.

The Common Vulnerabilities and Exposures (CVE) project have assigned the ID's CVE-2018-10231 and CVE-2018-10232 to these issues. These are entries on the CVE List, which standardizes names for security problems.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10231

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10232

Credit

TOPdesk would like to thank Frank Spierings from Warpnet for reporting CVE-2018-10231 and CVE-2018-10232.

Obtaining Downloads

To obtain the latest TOPdesk product downloads, log on to your TOPdesk portal.

Obtaining More Information

For more information about TOPdesk, visit the TOPdesk website.

Getting Support and Service

For customers with current maintenance contracts, contact your TOPdesk Support center with any additional questions regarding this security Note.

Updates

TOPdesk will continue to update this page when more information is available.