Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-2908

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-23 Nov, 2012 | 20:00
Updated At-06 Aug, 2024 | 23:15
Rejected At-
Credits

Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:23 Nov, 2012 | 20:00
Updated At:06 Aug, 2024 | 23:15
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://rhn.redhat.com/errata/RHSA-2012-1165.html
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/bid/54915
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/77549
vdb-entry
x_refsource_XF
http://secunia.com/advisories/50230
third-party-advisory
x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2013-0192.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2013-0198.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2012-1152.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2013-0195.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2013-0196.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2013-0193.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/51984
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/50549
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=730176
x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2013-0191.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2012-1232.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2013-0197.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2013-0194.html
vendor-advisory
x_refsource_REDHAT
http://www.osvdb.org/84530
vdb-entry
x_refsource_OSVDB
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1165.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securityfocus.com/bid/54915
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/77549
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/50230
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0192.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0198.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1152.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0195.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0196.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0193.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/51984
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/50549
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=730176
Resource:
x_refsource_MISC
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0191.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1232.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0197.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0194.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.osvdb.org/84530
Resource:
vdb-entry
x_refsource_OSVDB
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://rhn.redhat.com/errata/RHSA-2012-1165.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/bid/54915
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/77549
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/50230
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0192.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0198.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-1152.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0195.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0196.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0193.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/51984
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/50549
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=730176
x_refsource_MISC
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0191.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-1232.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0197.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0194.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.osvdb.org/84530
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1165.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/54915
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/77549
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/50230
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0192.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0198.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1152.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0195.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0196.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0193.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/51984
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/50549
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=730176
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0191.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1232.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0197.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0194.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.osvdb.org/84530
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:23 Nov, 2012 | 20:55
Updated At:11 Apr, 2025 | 00:51

Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.0MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.0
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P
CPE Matches
Red Hat, Inc.
redhat
>>jboss_enterprise_brms_platform>>5.3.0
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>jboss_enterprise_portal_platform>>Versions up to 5.2.1(inclusive)
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>jboss_enterprise_portal_platform>>5.0.0
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>jboss_enterprise_portal_platform>>5.0.1
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.1:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>jboss_enterprise_portal_platform>>5.1.0
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>jboss_enterprise_portal_platform>>5.1.1
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>jboss_enterprise_portal_platform>>5.2.0
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>jboss_enterprise_soa_platform>>5.3.0
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.3.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://rhn.redhat.com/errata/RHSA-2012-1152.htmlsecalert@redhat.com
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1165.htmlsecalert@redhat.com
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1232.htmlsecalert@redhat.com
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0191.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-0192.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-0193.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-0194.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-0195.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-0196.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-0197.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-0198.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/50230secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/50549secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/51984secalert@redhat.com
N/A
http://www.osvdb.org/84530secalert@redhat.com
N/A
http://www.securityfocus.com/bid/54915secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=730176secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/77549secalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-1152.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1165.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1232.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0191.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-0192.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-0193.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-0194.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-0195.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-0196.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-0197.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-0198.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/50230af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/50549af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/51984af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/84530af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/54915af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=730176af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/77549af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1152.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1165.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1232.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0191.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0192.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0193.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0194.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0195.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0196.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0197.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0198.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/50230
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/50549
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/51984
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.osvdb.org/84530
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/54915
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=730176
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/77549
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1152.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1165.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1232.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0191.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0192.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0193.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0194.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0195.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0196.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0197.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0198.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/50230
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/50549
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/51984
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/84530
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/54915
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=730176
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/77549
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

197Records found
CVE-2008-3736
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.22% / 44.16%
||
7 Day CHG~0.00%
Published-27 Aug, 2008 | 20:00
Updated-07 Aug, 2024 | 09:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (a) change passwords or (b) change configurations.

Action-Not Available
Vendor-spacetagsystem_consultantsn/a
Product-lacoodastla_cooda_wizn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-8201
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-8||HIGH
EPSS-0.14% / 34.98%
||
7 Day CHG~0.00%
Published-14 Jan, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster.

Action-Not Available
Vendor-n/aBrocade Communications Systems, Inc. (Broadcom Inc.)
Product-virtual_traffic_managerBrocade Virtual Traffic Manager versions released prior to and including 11.0
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-8513
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8||HIGH
EPSS-0.17% / 39.09%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-version_control_repository_managerVersion Control Repository Manager (VCRM)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-7904
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.09% / 27.15%
||
7 Day CHG~0.00%
Published-16 Jan, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.

Action-Not Available
Vendor-n/aThe CMS Made Simple Foundation
Product-cms_made_simplen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-8018
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 61.95%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.

Action-Not Available
Vendor-McAfee, LLCIntel Corporation
Product-virusscan_enterpriseVirusScan Enterprise Linux (VSEL)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-7507
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.21% / 43.15%
||
7 Day CHG~0.00%
Published-19 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application.

Action-Not Available
Vendor-n/aGLPI Project
Product-glpin/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-5789
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.07% / 22.48%
||
7 Day CHG~0.00%
Published-13 Oct, 2017 | 02:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.

Action-Not Available
Vendor-jantekn/a
Product-jtc-200jtc-200_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-34792
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8||HIGH
EPSS-0.09% / 26.56%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 17:47
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.

Action-Not Available
Vendor-Jenkins
Product-recipeJenkins Recipe Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2008-3325
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.40% / 59.76%
||
7 Day CHG~0.00%
Published-25 Jul, 2008 | 16:00
Updated-07 Aug, 2024 | 09:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.

Action-Not Available
Vendor-n/aMoodle Pty LtdDebian GNU/Linux
Product-debian_linuxmoodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-4371
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.07% / 21.20%
||
7 Day CHG~0.00%
Published-19 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components.

Action-Not Available
Vendor-n/aHP Inc.
Product-service_manager_web_clientservice_manager_mobilityservice_manager_windows_clientservice_manager_service_request_catalogservice_manager_serverservice_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-4506
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.06% / 17.34%
||
7 Day CHG~0.00%
Published-31 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-resourcedmn/a
Product-intuitive_650_tdb_controllern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-2863
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8||HIGH
EPSS-0.10% / 28.67%
||
7 Day CHG~0.00%
Published-03 Jul, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_commercen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-2878
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8||HIGH
EPSS-0.10% / 27.46%
||
7 Day CHG~0.00%
Published-30 Nov, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-qradar_security_information_and_event_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-2884
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8||HIGH
EPSS-0.10% / 27.54%
||
7 Day CHG~0.00%
Published-30 Nov, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-forms_experience_buildern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-0386
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8||HIGH
EPSS-0.10% / 27.54%
||
7 Day CHG~0.00%
Published-02 Jul, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tririga_application_platformn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-0272
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8||HIGH
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 19:00
Updated-05 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. IBM X-Force ID: 111052.

Action-Not Available
Vendor-n/aIBM Corporation
Product-financial_transaction_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-10223
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 34.59%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 08:00
Updated-05 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html.

Action-Not Available
Vendor-yzmcmsn/a
Product-yzmcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-5412
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-6||MEDIUM
EPSS-0.05% / 15.28%
||
7 Day CHG~0.00%
Published-26 Aug, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-version_control_repository_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-2142
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.16% / 37.00%
||
7 Day CHG~0.00%
Published-06 Oct, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the operating system via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php.

Action-Not Available
Vendor-phpbugtracker_projectn/a
Product-phpbugtrackern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-2134
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-6||MEDIUM
EPSS-0.08% / 23.25%
||
7 Day CHG~0.00%
Published-21 Jul, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-system_management_homepagen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-2026
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.10% / 28.48%
||
7 Day CHG~0.00%
Published-04 Oct, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_extreme_scalen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4630
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.67% / 70.36%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 20:00
Updated-06 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl.

Action-Not Available
Vendor-kohan/a
Product-kohan/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-9991
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8||HIGH
EPSS-0.16% / 37.92%
||
7 Day CHG~0.00%
Published-08 Jun, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_selling_and_fulfillment_foundationSterling Order Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0115
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.09% / 25.95%
||
7 Day CHG~0.00%
Published-28 Jun, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to hijack the authentication of customer accounts.

Action-Not Available
Vendor-n/aIBM Corporation
Product-leadsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-13658
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.14% / 34.95%
||
7 Day CHG~0.00%
Published-29 Sep, 2020 | 18:52
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application.

Action-Not Available
Vendor-lansweepern/a
Product-lansweepern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-6187
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.25% / 48.30%
||
7 Day CHG~0.00%
Published-24 Dec, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_service_registry_and_repositoryn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-4839
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.09% / 26.03%
||
7 Day CHG~0.00%
Published-29 Oct, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tririga_application_platformn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-4816
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.08% / 25.45%
||
7 Day CHG~0.00%
Published-23 Sep, 2014 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-27198
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8||HIGH
EPSS-0.08% / 24.39%
||
7 Day CHG~0.00%
Published-15 Mar, 2022 | 16:45
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.

Action-Not Available
Vendor-Jenkins
Product-cloudbees_aws_credentialsJenkins CloudBees AWS Credentials Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-3058
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.10% / 28.55%
||
7 Day CHG~0.00%
Published-11 Dec, 2014 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_datapower_xc10_appliance_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-3040
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.24% / 46.71%
||
7 Day CHG~0.00%
Published-26 Aug, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-emptoris_sourcing_portfolioemptoris_contract_managementemptoris_spend_analysisn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-6168
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.09% / 26.03%
||
7 Day CHG~0.00%
Published-29 Dec, 2014 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_identity_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0944
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.22% / 44.75%
||
7 Day CHG~0.00%
Published-09 May, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-operational_decision_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-20758
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8||HIGH
EPSS-0.09% / 27.00%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 05:35
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.

Action-Not Available
Vendor-Cybozu, Inc.
Product-garoonCybozu Garoon
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0961
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.11% / 29.68%
||
7 Day CHG~0.00%
Published-08 Jun, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_identity_managertivoli_identity_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-8718
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.78% / 72.71%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 16:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.

Action-Not Available
Vendor-n/aJenkins
Product-mailern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-4785
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.10% / 28.20%
||
7 Day CHG~0.00%
Published-10 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-initiate_master_data_servicen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-6888
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.14% / 34.61%
||
7 Day CHG~0.00%
Published-12 Feb, 2018 | 03:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from critical flaw of Cross Site Request forgery: using a forged HTTP request, a malicious user can lead a user to unknowingly create / delete or modify a user account due to the lack of an anti-CSRF token.

Action-Not Available
Vendor-typesettercmsn/a
Product-typesettern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-5073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 30.09%
||
7 Day CHG~0.00%
Published-03 Jan, 2018 | 20:00
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Ticket Booking has CSRF via admin/movieedit.php.

Action-Not Available
Vendor-advanced_real_estate_script_projectn/a
Product-advanced_real_estate_scriptn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-3037
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.14% / 34.17%
||
7 Day CHG~0.00%
Published-10 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1, and Rational Rhapsody Design Manager before 4.0.7 and 5.x before 5.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_software_architect_design_managerrational_rhapsody_design_managerrational_engineering_lifecycle_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-3024
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.15% / 36.45%
||
7 Day CHG~0.00%
Published-29 Aug, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-n/aIBM Corporation
Product-smartcloud_control_deskmaximo_asset_managementn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-3992
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.18% / 39.92%
||
7 Day CHG~0.00%
Published-05 Aug, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere BigInsights 2.0 through 2.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_biginsightsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-4671
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-6||MEDIUM
EPSS-0.77% / 72.56%
||
7 Day CHG~0.00%
Published-31 Jul, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-web_gateway_appliance_8490web_gateway_appliance_8450web_gatewayn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-2641
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-6||MEDIUM
EPSS-0.06% / 17.48%
||
7 Day CHG~0.00%
Published-02 Oct, 2014 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-system_management_homepagen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-4050
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.09% / 27.02%
||
7 Day CHG~0.00%
Published-08 Nov, 2013 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_dominon/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-2369
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6||MEDIUM
EPSS-0.06% / 19.24%
||
7 Day CHG~0.00%
Published-24 Jul, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-omronn/a
Product-ns5_hmi_terminalns10_hmi_terminalns15_hmi_terminalns_series_system_program_firmwarens12_hmi_terminalns8_hmi_terminaln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0929
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.11% / 29.68%
||
7 Day CHG~0.00%
Published-08 Jun, 2014 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that trigger follow actions.

Action-Not Available
Vendor-n/aIBM Corporation
Product-connectionsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-21665
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.95%
||
7 Day CHG~0.00%
Published-10 Jun, 2021 | 14:25
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-xebialabs_xl_deployJenkins XebiaLabs XL Deploy Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-17830
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 33.56%
||
7 Day CHG~0.00%
Published-21 Dec, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bus Booking Script has CSRF via admin/new_master.php.

Action-Not Available
Vendor-doditsolutionsn/a
Product-bus_booking_scriptn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-0235
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-6||MEDIUM
EPSS-0.07% / 21.51%
||
7 Day CHG~0.00%
Published-21 Feb, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-advantech_webaccessn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found