Synopsis
A web application running on the remote host is affected by a cross-site request forgery vulnerability.

Description
According to its self-reported version, the MySQL Enterprise Monitor running on the remote host may be affected by a cross-site request forgery vulnerability due to the token generator failing to adequately randomize the token values. A remote attacker can exploit this by extracting a token from a form and then predicting the next token value that will be used to secure form submissions. By convincing a victim to visit a specially crafted form, the attacker can then use the predicted token value to force an action for a logged-in user.
Note that this vulnerability can only be exploited when the <s:token/> tag is used within a form.
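
The mitigation for this class of weakness, as an added example that is not code from MySQL Enterprise Monitor or from the framework behind the <s:token/> tag: form tokens are drawn from a CSPRNG, kept server-side per form, and accepted only once. The class name FormTokens, its methods and the form name are hypothetical; the commented-out weak generator is an assumed illustration, since the page does not say which generator the product used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical per-session store of anti-CSRF form tokens (one instance per user session). */
public class FormTokens {
    // Pattern to avoid (assumed illustration, not taken from the product):
    // a general-purpose PRNG has small internal state, so tokens seen in one
    // form reveal enough to anticipate the tokens issued after it.
    //   String token = Long.toString(new java.util.Random().nextLong(), 36);

    private static final SecureRandom CSPRNG = new SecureRandom();
    private final Map<String, String> issued = new ConcurrentHashMap<>();

    /** Issue a fresh 256-bit token for the named form and remember it server-side. */
    public String issue(String formName) {
        byte[] raw = new byte[32];
        CSPRNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        issued.put(formName, token);
        return token;
    }

    /** Accept a submission only with the exact token issued for that form, and only once. */
    public boolean consume(String formName, String submitted) {
        if (formName == null || submitted == null) {
            return false;
        }
        // Single use: the stored token is removed whether or not the comparison succeeds.
        String expected = issued.remove(formName);
        if (expected == null) {
            return false;
        }
        // Constant-time comparison so response timing does not leak matching prefixes.
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        FormTokens session = new FormTokens();
        String token = session.issue("editUser");            // constructed form name
        System.out.println("valid submission:  " + session.consume("editUser", token));
        System.out.println("replayed token:    " + session.consume("editUser", token));
        session.issue("editUser");
        System.out.println("mismatched value:  " + session.consume("editUser", "not-the-token"));
    }
}
```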

Solution
Upgrade to MySQL Enterprise Monitor 2.3.20 or later.