Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-5950

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-23 Apr, 2013 | 10:00
Updated At-06 Aug, 2024 | 21:21
Rejected At-
Credits

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users for requests that modify data records via vectors involving (1) the html/en/default/ directory or (2) sqa/html/en/default/process/comm/saveProps.jsp.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:23 Apr, 2013 | 10:00
Updated At:06 Aug, 2024 | 21:21
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users for requests that modify data records via vectors involving (1) the html/en/default/ directory or (2) sqa/html/en/default/process/comm/saveProps.jsp.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www-01.ibm.com/support/docview.wss?uid=swg21628849
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/80630
vdb-entry
x_refsource_XF
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21628849
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/80630
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www-01.ibm.com/support/docview.wss?uid=swg21628849
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/80630
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21628849
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/80630
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:23 Apr, 2013 | 11:47
Updated At:11 Apr, 2025 | 00:51

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users for requests that modify data records via vectors involving (1) the html/en/default/ directory or (2) sqa/html/en/default/process/comm/saveProps.jsp.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
IBM Corporation
ibm
>>tririga_application_platform>>2.1
cpe:2.3:a:ibm:tririga_application_platform:2.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>tririga_application_platform>>2.5
cpe:2.3:a:ibm:tririga_application_platform:2.5:*:*:*:*:*:*:*
IBM Corporation
ibm
>>tririga_application_platform>>2.6
cpe:2.3:a:ibm:tririga_application_platform:2.6:*:*:*:*:*:*:*
IBM Corporation
ibm
>>tririga_application_platform>>2.7
cpe:2.3:a:ibm:tririga_application_platform:2.7:*:*:*:*:*:*:*
IBM Corporation
ibm
>>tririga_application_platform>>3.0
cpe:2.3:a:ibm:tririga_application_platform:3.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>tririga_application_platform>>3.1
cpe:2.3:a:ibm:tririga_application_platform:3.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>tririga_application_platform>>3.2
cpe:2.3:a:ibm:tririga_application_platform:3.2:*:*:*:*:*:*:*
IBM Corporation
ibm
>>tririga_application_platform>>3.2.1
cpe:2.3:a:ibm:tririga_application_platform:3.2.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>tririga_application_platform>>8.0
cpe:2.3:a:ibm:tririga_application_platform:8.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www-01.ibm.com/support/docview.wss?uid=swg21628849psirt@us.ibm.com
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/80630psirt@us.ibm.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21628849af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/80630af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21628849
Source: psirt@us.ibm.com
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/80630
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21628849
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/80630
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2619Records found
CVE-2008-6106
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 18.22%
||
7 Day CHG~0.00%
Published-10 Feb, 2009 | 21:32
Updated-07 Aug, 2024 | 11:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x has unknown impact and remote attack vectors. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aIBM Corporation
Product-workplace_for_business_controls_and_reportingworkplace_web_content_managementn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1927
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-30 Nov, 2018 | 15:00
Updated-16 Sep, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118.

Action-Not Available
Vendor-IBM Corporation
Product-storediqStoredIQ
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-2000
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.95%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 14:50
Updated-16 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowbusiness_process_managerBusiness Automation Workflow
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1934
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.24%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 16:25
Updated-16 Sep, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153179.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_business_intelligenceCognos Business Intelligence
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1926
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.37%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 16:00
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit this vulnerability to perform CSRF attack and update available applications. IBM X-Force ID: 152992.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-2001
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.48%
||
7 Day CHG~0.00%
Published-07 May, 2019 | 18:35
Updated-17 Sep, 2024 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891.

Action-Not Available
Vendor-IBM Corporation
Product-curam_social_program_managementCram Social Program Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1858
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 38.87%
||
7 Day CHG~0.00%
Published-25 Jun, 2019 | 15:45
Updated-16 Sep, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-2963
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.25%
||
7 Day CHG~0.00%
Published-30 Nov, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-bigfix_remote_controln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1790
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.48%
||
7 Day CHG~0.00%
Published-10 May, 2019 | 14:40
Updated-16 Sep, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 148944.

Action-Not Available
Vendor-IBM Corporation
Product-financial_transaction_managerFinancial Transaction Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-2889
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.79%
||
7 Day CHG~0.00%
Published-08 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-n/aIBM Corporation
Product-jazz_reporting_servicen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-2901
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.43%
||
7 Day CHG~0.00%
Published-26 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-web_content_managerwebsphere_portaln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-0335
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 22.61%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 17:00
Updated-05 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_identity_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-0295
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.06% / 17.08%
||
7 Day CHG~0.00%
Published-28 Feb, 2018 | 17:00
Updated-05 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363.

Action-Not Available
Vendor-n/aIBM Corporation
Product-bigfix_platformn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-1300
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.38%
||
7 Day CHG~0.00%
Published-01 Nov, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162.

Action-Not Available
Vendor-IBM Corporation
Product-openpages_grc_platformOpenPages GRC Platform
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-7407
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.25%
||
7 Day CHG~0.00%
Published-02 Jan, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-mashups_centern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-1194
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.38%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverIBM WebSphere Application Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-7446
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.49%
||
7 Day CHG~0.00%
Published-12 Mar, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-flashsystem_9846-ac2flashsystem_9846-ae2flashsystem_9848-ae2flashsystem_v9000_firmwareflashsystem_9848-ac2n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-7465
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.70%
||
7 Day CHG~0.00%
Published-10 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-jazz_reporting_servicen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-1097
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.73%
||
7 Day CHG~0.00%
Published-05 Sep, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657.

Action-Not Available
Vendor-IBM Corporation
Product-emptoris_strategic_supply_managementEmptoris Strategic Supply Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-5050
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.79%
||
7 Day CHG~0.00%
Published-15 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-emptoris_contract_managementn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-9714
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 32.83%
||
7 Day CHG~0.00%
Published-31 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_master_data_management_serverInfoSphere Master Data Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-1894
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 26.57%
||
7 Day CHG~0.00%
Published-25 May, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-optim_workload_replayn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-9716
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.38%
||
7 Day CHG~0.00%
Published-31 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_master_data_management_serverInfoSphere Master Data Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-2009
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.73%
||
7 Day CHG~0.00%
Published-29 Mar, 2018 | 18:00
Updated-06 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. IBM X-Force ID: 103921.

Action-Not Available
Vendor-n/aIBM Corporation
Product-qradar_security_information_and_event_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-6033
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.73%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1995545.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_storage_flashcopy_manager_for_vmwaretivoli_storage_manager_for_virtual_environments_data_protection_for_vmwareTivoli Storage Manager for Virtual Environments
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-6100
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.73%
||
7 Day CHG~0.00%
Published-05 Apr, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000771.

Action-Not Available
Vendor-IBM Corporation
Product-disposal_and_governance_management_for_itglobal_retention_policy_and_schedule_managementAtlas Policy Suite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-5889
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.80%
||
7 Day CHG~0.00%
Published-10 May, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 115085.

Action-Not Available
Vendor-IBM Corporation
Product-interactInteract
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-29888
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 16:00
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 207123.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-29757
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.29%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 16:00
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202168.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_user_behavior_analyticsQRadar User Behavior Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0145
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 28.39%
||
7 Day CHG~0.00%
Published-03 Oct, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-openpages_grc_platformn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-9565
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.73%
||
7 Day CHG~0.00%
Published-07 Sep, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier.

Action-Not Available
Vendor-n/aIBM Corporation
Product-ib6131_firmwareib6131en6131en6131_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-29837
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:10
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-3007
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.34%
||
7 Day CHG~0.00%
Published-26 Sep, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-n/aIBM Corporation
Product-connectionsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-8925
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 35.33%
||
7 Day CHG~0.00%
Published-25 Mar, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_clearquestn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-6214
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.97%
||
7 Day CHG~0.00%
Published-13 Mar, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_portaln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-3015
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.38%
||
7 Day CHG~0.00%
Published-24 May, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sametime_proxy_server_and_web_clientn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-3061
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.91%
||
7 Day CHG~0.00%
Published-26 Aug, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-emptoris_spend_analysisn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1661
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.11%
||
7 Day CHG~0.00%
Published-20 Dec, 2018 | 14:00
Updated-16 Sep, 2024 | 23:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower Gateways
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0835
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.21% / 43.42%
||
7 Day CHG~0.00%
Published-30 Jan, 2014 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings.

Action-Not Available
Vendor-n/aIBM Corporation
Product-qradar_security_information_and_event_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0864
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.29% / 86.89%
||
7 Day CHG~0.00%
Published-07 Jul, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal's currency or (2) a limit via a crafted XML document.

Action-Not Available
Vendor-n/aIBM Corporation
Product-algo_credit_limitsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0885
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.45%
||
7 Day CHG~0.00%
Published-25 Mar, 2014 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_protector_for_mail_securityn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0873
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 28.39%
||
7 Day CHG~0.00%
Published-16 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before 8.5.0.82, 9.0.1 before 9.0.1.38, 9.0.2 before 9.0.2.35, 10.0 before 10.0.0.0.26, and 10.1 before 10.1.0.0.15 allow remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_master_data_management_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-5427
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 28.39%
||
7 Day CHG~0.00%
Published-04 Feb, 2014 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_master_data_management_collaboration_serverinfosphere_master_data_management_server_for_product_information_managementn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-5443
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 28.39%
||
7 Day CHG~0.00%
Published-25 Mar, 2014 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-n/aIBM Corporation
Product-cognos_expressn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-4057
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.21% / 43.42%
||
7 Day CHG~0.00%
Published-16 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_information_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-4000
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 28.39%
||
7 Day CHG~0.00%
Published-14 Dec, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start or (2) stop services.

Action-Not Available
Vendor-n/aIBM Corporation
Product-cognos_command_centern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-4056
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 28.39%
||
7 Day CHG~0.00%
Published-13 Oct, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_information_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-3029
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.16% / 37.05%
||
7 Day CHG~0.00%
Published-21 Aug, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-2980
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.38%
||
7 Day CHG~0.00%
Published-17 Jun, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to hijack the authentication of arbitrary users for requests that access monitored database information.

Action-Not Available
Vendor-n/aIBM Corporation
Product-data_studion/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-0598
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.97%
||
7 Day CHG~0.00%
Published-28 Sep, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_clearquestn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 52
  • 53
  • Next
Details not found