IBM Security Access Manager for Web, Version 7.0

Prevention of Cross-site Request Forgery (CSRF) attacks

Cross-site request forgery (CSRF) is a type of malicious website attack. A CSRF attack is sometimes called a one-click attack or session riding. In this attack, unauthorized requests are sent on behalf of a user whom the website trusts.

CSRF exploits the trust that a site places in the browser of an authenticated user. CSRF uses links or scripts to make that browser send involuntary HTTP requests to a target site where the user is authenticated. Unless precautions are taken, the WebSEAL management pages, such as /pkmslogout, are susceptible to a CSRF attack. For example, an attacker might cause an authenticated WebSEAL user to log out involuntarily by getting their browser to follow a link to /pkmslogout.

You can configure WebSEAL to help mitigate this type of vulnerability.
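As an added illustration of the kind of defence this page alludes to (not WebSEAL's own mechanism, whose configuration the page does not describe): a small Python model of a site that accepts a /pkmslogout request only when it is same-origin and carries a token bound to the user's session, so a link or script on another site cannot log the user out. The site origin, session fields and token name are constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed site origin; stands in for the protected WebSEAL host.
SITE_ORIGIN = "https://www.example.com"
# Management page from the text whose side effect a forged request must not trigger.
MANAGEMENT_PATHS = {"/pkmslogout"}


@dataclass
class Session:
    """Authenticated session; the CSRF secret is minted once per session (constructed model)."""
    user: str
    csrf_secret: str = field(default_factory=lambda: secrets.token_hex(16))


@dataclass
class Request:
    """Minimal view of an incoming HTTP request."""
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    params: dict = field(default_factory=dict)


def is_same_origin(req: Request) -> bool:
    """Origin (or Referer as fallback) must name our site; a link on another site names that site."""
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if not src:
        return False  # no provenance at all: treat as cross-site
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def allow_management_request(session: Session, req: Request) -> bool:
    """Accept a management request only if the user's own page deliberately made it:
    it must be same-origin AND carry the session-bound token (constant-time compare)."""
    if req.path not in MANAGEMENT_PATHS:
        return True  # ordinary content; CSRF protection not required here
    if not is_same_origin(req):
        return False
    token = req.params.get("token", "")
    return hmac.compare_digest(token, session.csrf_secret)


if __name__ == "__main__":
    s = Session(user="alice")
    forged = Request("GET", "/pkmslogout", {"Referer": "https://other.example/page"})
    legit = Request("POST", "/pkmslogout", {"Origin": SITE_ORIGIN}, {"token": s.csrf_secret})
    print("forged logout allowed:", allow_management_request(s, forged))  # False
    print("legit logout allowed:", allow_management_request(s, legit))    # True
```

The same-origin check alone is not sufficient, since browsers may omit Origin and Referer; the session-bound token is what makes a forged link fail even then.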
