Vulnerabilities (CVE)

Filtered by CWE-352
Total 6075 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-0961 1 Ibm 2 Security Identity Manager, Tivoli Identity Manager 2024-11-21 6.0 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2014-0944 1 Ibm 1 Operational Decision Manager 2024-11-21 6.0 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2014-0933 1 Ibm 1 Infosphere Information Server Metadata Workbench 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2014-0929 1 Ibm 1 Connections 2024-11-21 6.0 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that trigger follow actions.
CVE-2014-0885 1 Ibm 1 Lotus Protector For Mail Security 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
CVE-2014-0873 1 Ibm 1 Infosphere Master Data Management Server 2024-11-21 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before 8.5.0.82, 9.0.1 before 9.0.1.38, 9.0.2 before 9.0.2.35, 10.0 before 10.0.0.0.26, and 10.1 before 10.1.0.0.15 allow remote attackers to hijack the authentication of arbitrary users.
CVE-2014-0864 1 Ibm 1 Algo Credit Limits 2024-11-21 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal's currency or (2) a limit via a crafted XML document.
CVE-2014-0835 1 Ibm 1 Qradar Security Information And Event Manager 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings.
CVE-2014-0831 1 Ibm 1 Financial Transaction Manager 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data.
CVE-2014-0813 1 Phpmyfaq 1 Phpmyfaq 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings.
CVE-2014-0745 1 Cisco 1 Unified Contact Center Express Editor Software 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502.
CVE-2014-0740 1 Cisco 1 Unified Communications Manager 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701.
CVE-2014-0736 1 Cisco 1 Unified Communications Manager 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.
CVE-2014-0641 1 Emc 1 Rsa Archer Egrc 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2014-0621 1 Technicolor 2 Tc7200, Tc7200 Firmware 2024-11-21 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.
CVE-2014-0594 1 Opensuse 1 Open Build Service 2024-11-21 6.8 MEDIUM 8.8 HIGH
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.
CVE-2014-0570 1 Adobe 1 Coldfusion 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2014-0336 1 Serena 1 Dimensions Cm 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that use the user_new_master parameter to the adminconsole/ URI.
CVE-2014-0213 1 Moodle 1 Moodle 2024-11-21 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests.
CVE-2014-0197 1 Redhat 2 Cloudforms, Cloudforms Management Engine 2024-11-21 6.8 MEDIUM 8.8 HIGH
CFME: CSRF protection vulnerability via permissive check of the referrer header