Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2016-11-30 CVE-2016-2878 Cross-Site Request Forgery (CSRF) vulnerability in IBM Qradar Security Information and Event Manager
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
8.0
2016-11-30 CVE-2016-3009 Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections 4.0.0.0/4.5.0.0/5.0.0.0
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page.
network
low complexity
ibm CWE-352
3.5
2016-11-30 CVE-2016-3004 Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections 4.0.0.0/4.5.0.0/5.0.0.0
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications.
network
low complexity
ibm CWE-352
4.6
2016-11-30 CVE-2016-2963 Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Remote Control 9.1.2
Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
8.8
2016-11-23 CVE-2016-8673 Cross-Site Request Forgery (CSRF) vulnerability in Siemens products
A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl.
network
low complexity
siemens CWE-352
8.8
2016-11-03 CVE-2016-6454 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hosted Collaboration Mediation Fulfillment
A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions.
network
low complexity
cisco CWE-352
6.5
2016-10-27 CVE-2016-6444 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Meeting Server
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user.
network
low complexity
cisco CWE-352
8.8
2016-10-27 CVE-2016-6442 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Finesse 11.0(1)Base
A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface.
network
low complexity
cisco CWE-352
8.8
2016-10-26 CVE-2016-8504 Cross-Site Request Forgery (CSRF) vulnerability in Yandex Browser
CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.
network
low complexity
yandex CWE-352
4.3
2016-10-25 CVE-2016-1000213 Cross-Site Request Forgery (CSRF) vulnerability in Ruckus Wireless H500
Ruckus Wireless H500 web management interface CSRF
network
low complexity
ruckus CWE-352
8.8