Total
7667 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20231 | 1 Simbahosting | 1 Two-factor-authentication | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation. | |||||
| CVE-2018-20228 | 1 Subsonic | 1 Subsonic | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF. | |||||
| CVE-2018-20188 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account. | |||||
| CVE-2018-20015 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| YzmCMS v5.2 has admin/role/add.html CSRF. | |||||
| CVE-2018-1934 | 1 Ibm | 1 Cognos Business Intelligence | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153179. | |||||
| CVE-2018-1927 | 1 Ibm | 1 Storediq | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118. | |||||
| CVE-2018-1926 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit this vulnerability to perform CSRF attack and update available applications. IBM X-Force ID: 152992. | |||||
| CVE-2018-1858 | 1 Ibm | 1 Api Connect | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256. | |||||
| CVE-2018-1790 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 148944. | |||||
| CVE-2018-1712 | 1 Ibm | 1 Api Connect | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370. | |||||
| CVE-2018-1661 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887. | |||||
| CVE-2018-1622 | 1 Ibm | 1 Security Privileged Identity Manager | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348. | |||||
| CVE-2018-1514 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 141622. | |||||
| CVE-2018-1479 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140761. | |||||
| CVE-2018-1455 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029. | |||||
| CVE-2018-1442 | 1 Ibm | 1 Monitoring | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598. | |||||
| CVE-2018-1434 | 1 Ibm | 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474. | |||||
| CVE-2018-1432 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360. | |||||
| CVE-2018-1230 | 1 Pivotal Software | 1 Spring Batch Admin | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life. | |||||
| CVE-2018-1213 | 1 Dell | 1 Emc Isilon Onefs | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application. | |||||