Total
6084 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5549 | 1 Plathome | 4 Easyblocks Ipv6, Easyblocks Ipv6 Enterprise, Easyblocks Ipv6 Enterprise Firmware and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier and Enterprise Ver. 2.0.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2020-5530 | 1 Realestateconnected | 1 Easy Property Listings | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2020-5517 | 1 Blueonyx | 2 5209r, 5209r Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access the dashboard and perform scraping or other analysis. | |||||
| CVE-2020-5502 | 1 Phpbb | 1 Phpbb | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships. | |||||
| CVE-2020-5501 | 1 Phpbb | 1 Phpbb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| phpBB 3.2.8 allows a CSRF attack that can modify a group avatar. | |||||
| CVE-2020-5402 | 1 Cloudfoundry | 2 Cf-deployment, User Account And Authentication | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers. | |||||
| CVE-2020-5397 | 2 Oracle, Vmware | 27 Application Testing Suite, Communications Brm - Elastic Charging Engine, Communications Diameter Signaling Router and 24 more | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
| Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack. | |||||
| CVE-2020-5391 | 1 Auth0 | 1 Wp-auth0 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field. | |||||
| CVE-2020-5335 | 1 Rsa | 1 Archer | 2024-11-21 | 6.8 MEDIUM | 5.0 MEDIUM |
| RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server operations with the privileges of the authenticated victim user. | |||||
| CVE-2020-4992 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737. | |||||
| CVE-2020-4942 | 1 Ibm | 1 Curam Social Program Management | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942. | |||||
| CVE-2020-4938 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815. | |||||
| CVE-2020-4917 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391. | |||||
| CVE-2020-4904 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2020-4827 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841. | |||||
| CVE-2020-4826 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840. | |||||
| CVE-2020-4773 | 1 Ibm | 1 Curam Social Program Management | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to remainder of web application. IBM X-Force ID: 189151. | |||||
| CVE-2020-4764 | 3 Ibm, Linux, Microsoft | 3 Planning Analytics, Linux Kernel, Windows | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 188898. | |||||
| CVE-2020-4675 | 4 Ibm, Linux, Microsoft and 1 more | 6 Aix, Infosphere Master Data Management Server, Linux On Ibm Z and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324. | |||||
| CVE-2020-4668 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283. | |||||