Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-41296

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-01 Dec, 2022 | 17:24
Updated At-03 Aug, 2024 | 12:42
Rejected At-
Credits

IBM Db2U cross-site respect forgery

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:01 Dec, 2022 | 17:24
Updated At:03 Aug, 2024 | 12:42
Rejected At:
▼CVE Numbering Authority (CNA)
IBM Db2U cross-site respect forgery

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.

Affected Products
Vendor
IBM CorporationIBM
Product
Db2U
Default Status
unaffected
Versions
Affected
  • 3.5, 4.0, 4.5
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6843071
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/237210
vdb-entry
Hyperlink: https://www.ibm.com/support/pages/node/6843071
Resource:
vendor-advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/237210
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.netapp.com/advisory/ntap-20230120-0003/
N/A
https://www.ibm.com/support/pages/node/6843071
vendor-advisory
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/237210
vdb-entry
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20230120-0003/
Resource: N/A
Hyperlink: https://www.ibm.com/support/pages/node/6843071
Resource:
vendor-advisory
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/237210
Resource:
vdb-entry
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:12 Dec, 2022 | 09:15
Updated At:07 Nov, 2023 | 03:52

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CPE Matches
IBM Corporation
ibm
>>db2>>3.5
cpe:2.3:a:ibm:db2:3.5:-:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>3.5
cpe:2.3:a:ibm:db2:3.5:refresh_10:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>4.0
cpe:2.3:a:ibm:db2:4.0:-:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>4.0
cpe:2.3:a:ibm:db2:4.0:refresh_9:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>4.5
cpe:2.3:a:ibm:db2:4.5:-:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>4.5
cpe:2.3:a:ibm:db2:4.5:refresh_3:*:*:*:*:*:*
IBM Corporation
ibm
>>db2_warehouse>>3.5
cpe:2.3:a:ibm:db2_warehouse:3.5:-:*:*:*:*:*:*
IBM Corporation
ibm
>>db2_warehouse>>3.5
cpe:2.3:a:ibm:db2_warehouse:3.5:refresh_10:*:*:*:*:*:*
IBM Corporation
ibm
>>db2_warehouse>>4.0
cpe:2.3:a:ibm:db2_warehouse:4.0:-:*:*:*:*:*:*
IBM Corporation
ibm
>>db2_warehouse>>4.0
cpe:2.3:a:ibm:db2_warehouse:4.0:refresh_9:*:*:*:*:*:*
IBM Corporation
ibm
>>db2_warehouse>>4.5
cpe:2.3:a:ibm:db2_warehouse:4.5:-:*:*:*:*:*:*
IBM Corporation
ibm
>>db2_warehouse>>4.5
cpe:2.3:a:ibm:db2_warehouse:4.5:refresh_3:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE-352Secondarypsirt@us.ibm.com
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-352
Type: Secondary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/237210psirt@us.ibm.com
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6843071psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/237210
Source: psirt@us.ibm.com
Resource:
VDB Entry
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/6843071
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

3036Records found
CVE-2018-1934
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.24%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 16:25
Updated-16 Sep, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153179.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_business_intelligenceCognos Business Intelligence
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-35286
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-3.1||LOW
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 14:25
Updated-17 Sep, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230814.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_information_queuelinux_kernelSecurity Verify Information Queue
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1858
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 38.87%
||
7 Day CHG~0.00%
Published-25 Jun, 2019 | 15:45
Updated-16 Sep, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-35285
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.60%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 17:20
Updated-16 Sep, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230812.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_information_queuelinux_kernelSecurity Verify Information Queue
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-35638
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.12%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 04:00
Updated-21 Nov, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator cross-site request forgery

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230824.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-29823
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.26%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 19:00
Updated-16 Sep, 2024 | 23:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-29816
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.52%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 18:05
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204341.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelaixwindowsjazz_for_service_managementJazz for Service Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-34161
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 40.77%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 15:40
Updated-16 Sep, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331.

Action-Not Available
Vendor-IBM Corporation
Product-cics_txCICS TX AdvancedCICS TX Standard
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-29888
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 16:00
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 207123.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-29757
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.29%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 16:00
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202168.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_user_behavior_analyticsQRadar User Behavior Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-49340
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.47%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 23:57
Updated-08 Nov, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Watson Studio Local cross-site request forgery

IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Action-Not Available
Vendor-IBM Corporation
Product-watson_studio_localWatson Studio Local
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-29837
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:10
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-43192
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.13%
||
7 Day CHG~0.00%
Published-27 Sep, 2025 | 01:14
Updated-11 Dec, 2025 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage TS4500 Library cross-site request forgery

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Action-Not Available
Vendor-IBM Corporation
Product-storage_ts4500_librarydiamondback_tape_library_firmwarestorage_ts4500_library_firmwarediamondback_tape_libraryStorage TS4500 Library
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-41744
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.37%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 16:53
Updated-18 Jun, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM CICS TX Standard cross-site request forgery

IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelcics_txCICS TX Standard
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-41776
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.43%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 17:11
Updated-11 Dec, 2024 | 03:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller cross-site request forgery

IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controller
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-30608
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.39%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 00:00
Updated-05 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Force ID: 227295.

Action-Not Available
Vendor-n/aIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-infosphere_information_serveraixwindowslinux_kernelIBM InfoSphere Information Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-56474
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.41%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 15:31
Updated-01 Sep, 2025 | 00:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM TXSeries for Multiplatforms cross-site request forgery

IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-aixlinux_kerneltxseries_for_multiplatformsTXSeries for Multiplatforms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47718
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.65%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 01:14
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Maximo Asset Management cross-site request forgery

IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_application_suitemaximo_asset_managementMaximo Asset Management Manage ComponentMaximo Asset Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-35138
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.91%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 20:38
Updated-27 Aug, 2025 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access cross-site request forgery

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access ContainerSecurity Verify Access Appliance
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-20403
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-3.1||LOW
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 16:30
Updated-16 Sep, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_information_queueSecurity Verify Information Queue
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31902
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 33.52%
||
7 Day CHG~0.00%
Published-30 Jun, 2024 | 16:38
Updated-02 Aug, 2024 | 01:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server cross-site request forgery

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-20468
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.30%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 19:00
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-38739
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.41%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 15:19
Updated-05 Mar, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator cross-site request forgery

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-38268
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.13%
||
7 Day CHG~0.00%
Published-01 Dec, 2023 | 19:21
Updated-02 Aug, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server cross-site request forgery

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-22493
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-3.5||LOW
EPSS-0.11% / 29.68%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 17:00
Updated-16 Sep, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-websphere_automation_for_ibm_cloud_pak_for_watson_aiopslinux_kernelWebSphere Automation for Cloud Pak for Watson AIOps
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-22479
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-0.09% / 25.39%
||
7 Day CHG~0.00%
Published-10 Jun, 2022 | 16:00
Updated-16 Sep, 2024 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 225887.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_copy_data_managementlinux_kernelSpectrum Copy Data Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-31773
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 30.71%
||
7 Day CHG~0.00%
Published-26 Aug, 2022 | 17:25
Updated-16 Sep, 2024 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower Gateway
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4764
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.03%
||
7 Day CHG~0.00%
Published-18 Dec, 2020 | 15:00
Updated-17 Sep, 2024 | 00:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 188898.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsplanning_analyticslinux_kernelPlanning Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4992
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.48%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 13:55
Updated-16 Sep, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower Gateway
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4675
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.52%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 16:50
Updated-16 Sep, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324.

Action-Not Available
Vendor-IBM CorporationopenSUSELinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelopensuselinux_on_ibm_zwindowsinfosphere_master_data_management_serveraixInfoSphere Master Data Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4668
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 15:30
Updated-16 Sep, 2024 | 23:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-sterling_b2b_integratoraixwindowslinux_kernelSterling B2B Integrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4942
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-04 Jan, 2021 | 14:00
Updated-16 Sep, 2024 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942.

Action-Not Available
Vendor-IBM Corporation
Product-curam_social_program_managementCuram SPM
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4773
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.07%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 13:05
Updated-16 Sep, 2024 | 22:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to remainder of web application. IBM X-Force ID: 189151.

Action-Not Available
Vendor-IBM Corporation
Product-curam_social_program_managementCuram SPM
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4938
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 16:05
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4917
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-04 Jan, 2021 | 14:00
Updated-16 Sep, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_systemCloud Pak System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4301
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.30%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 19:00
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4286
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.52%
||
7 Day CHG~0.00%
Published-19 May, 2020 | 13:15
Updated-16 Sep, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_server_on_cloudinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4238
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-31 Mar, 2020 | 14:31
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175411.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/impactTivoli Netcool Impact
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-27265
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.5||MEDIUM
EPSS-0.04% / 10.54%
||
7 Day CHG~0.00%
Published-14 Mar, 2024 | 18:37
Updated-02 Aug, 2024 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Integration Bus for z/OS cross-site request forgery

IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsintegration_buslinux_kernelz\/osIntegration Bus for z/OS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-22361
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.03%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 15:45
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowbusiness_process_managerBusiness Process ManagerBusiness Automation Workflow
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-22346
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.48%
||
7 Day CHG~0.00%
Published-14 Mar, 2022 | 17:00
Updated-16 Sep, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_operations_centerSpectrum Protect Operations Center
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-22359
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.53%
||
7 Day CHG~0.00%
Published-19 Jul, 2022 | 16:25
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652.

Action-Not Available
Vendor-IBM Corporation
Product-partner_engagement_managerpartner_engagement_manager_on_cloud\/saasSterling Partner Engagement Manager on CloudSterling Partner Engagement Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1434
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.27%
||
7 Day CHG~0.00%
Published-17 May, 2018 | 21:00
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_virtualizestorwize_v3500storwize_v3500_firmwarespectrum_virtualize_for_public_cloudstorwize_v5000_firmwarestorwize_v7000_firmwarestorwize_v3700_firmwarestorwize_v7000storwize_v9000_firmwarestorwize_v3700storwize_v5000san_volume_controllersan_volume_controller_firmwarestorwize_v9000FlashSystem V9000Spectrum Virtualize for Public CloudStorwize V7000 (2076)SAN Volume ControllerStorwize V5000Spectrum Virtualize SoftwareStorwize V3500Storwize V3700
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-29756
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 36.32%
||
7 Day CHG~0.00%
Published-03 Dec, 2021 | 17:00
Updated-16 Sep, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-38886
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.53%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 16:30
Updated-16 Sep, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-38868
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.53%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 17:00
Updated-17 Sep, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force Id: 208310.

Action-Not Available
Vendor-IBM Corporation
Product-engineering_requirements_quality_assistant_on-premisesEngineering Requirements Quality Assistant On-Premises
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-39044
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-02 Feb, 2022 | 12:04
Updated-17 Sep, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 214210.

Action-Not Available
Vendor-n/aIBM Corporation
Product-financial_transaction_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-42435
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 23:16
Updated-10 Apr, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Business Automation Workflow cross-site request forgery

IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowBusiness Automation Workflow
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-41297
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.12%
||
7 Day CHG~0.00%
Published-01 Dec, 2022 | 17:30
Updated-24 Apr, 2025 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2U cross-site request forgery

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212.

Action-Not Available
Vendor-IBM Corporation
Product-db2udb2_on_cloud_pak_for_datadb2_warehouse_on_cloud_pak_for_dataDb2U
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-38001
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.45%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 16:54
Updated-13 Aug, 2024 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Orchestrator cross-site request forgery

IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260206.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_orchestratorAspera Orchestrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 60
  • 61
  • Next
Details not found