CVE-2023-47326: 
Java vulnerability analysis and mitigation

Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. The vulnerability was discovered and disclosed in December 2023, affecting versions prior to 6.3.2. This security issue impacts the domain creation functionality in Silverpeas Core, a collaborative platform software (NVD, Rhino Labs).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue specifically affects the Domain SQL Create function, where the application fails to implement proper CSRF protections. This allows an attacker to perform unauthorized domain creation operations through cross-site request forgery attacks (NVD).

If successfully exploited, this vulnerability could allow an attacker to create additional domains for authentication when an authenticated administrator clicks on a malicious URL. This could lead to unauthorized access and potential system compromise (Rhino Labs).

The vulnerability has been fixed in Silverpeas Core version 6.3.2. Users are advised to upgrade to this version or later to mitigate the risk (NVD).