Total
7595 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4726 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172363. | |||||
| CVE-2019-4613 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524. | |||||
| CVE-2019-4515 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137. | |||||
| CVE-2019-4231 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356. | |||||
| CVE-2019-4212 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159132. | |||||
| CVE-2019-4167 | 1 Ibm | 1 Storediq | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700. | |||||
| CVE-2019-4142 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338. | |||||
| CVE-2019-4117 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116. | |||||
| CVE-2019-4095 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015. | |||||
| CVE-2019-3959 | 1 Wallaceit | 1 Wallacepos | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | |||||
| CVE-2019-3876 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 4.3 MEDIUM | 6.3 MEDIUM |
| A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens. | |||||
| CVE-2019-3864 | 1 Redhat | 1 Quay | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to gain access to the system using the user's account. | |||||
| CVE-2019-3718 | 1 Dell | 1 Supportassist | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems. | |||||
| CVE-2019-3604 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 6.8 MEDIUM | 4.8 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors. | |||||
| CVE-2019-3410 | 1 Zte | 2 Wf820\+ Lte Outdoor Cpe, Wf820\+ Lte Outdoor Cpe Firmware | 2024-11-21 | 6.8 MEDIUM | 4.6 MEDIUM |
| All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability,which stems from the fact that WEB applications do not adequately verify whether requests come from trusted users. An attacker can exploit this vulnerability to send unexpected requests to the server through the affected client. | |||||
| CVE-2019-25064 | 1 Theaccessgroup | 1 Corehr Core Portal | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2019-20891 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. | |||||
| CVE-2019-20865 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF. | |||||
| CVE-2019-20841 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks. | |||||
| CVE-2019-20804 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account. | |||||