Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.
https://www.novell.com/support/kb/doc.php?id=7017786
https://www.exploit-db.com/exploits/40161/
https://download.novell.com/Download?buildid=3V-3ArYN85I~