CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,384 vulnerabilities with CWE-352
CVE-2016-8513 HIGH
HPE Version Control Repository Manager < 7.6 - Cross-Site Request Forgery
CVSS 8.0
CVE-2016-0335 HIGH
IBM Security Identity Manager Virtual Appliance <7.0.1.0 - CSRF
CVSS 8.8
CVE-2016-10701 HIGH
Hitachi Vantara Pentaho Business Analytics < 8.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-1265 CRITICAL
Juniper Networks Junos Space <15.1R3 - RCE
CVSS 9.8
CVE-2016-1261 HIGH
Juniper Junos - Cross-Site Request Forgery and Denial of Service in J-Web
CVSS 7.1
CVE-2016-5789 HIGH
JanTek JTC-200 Firmware - Cross-Site Request Forgery
CVSS 8.0
CVE-2016-6806 HIGH
Apache Wicket 6.x < 6.25.0, 7.x < 7.5.0, 8.0.0-M1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-8737 HIGH
Apache Brooklyn < 0.10.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-2965 MEDIUM
IBM Sametime 8.5.2-9.0.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2016-0356 MEDIUM
IBM Sametime Enterprise Meeting Server <9.0 - CSRF
CVSS 6.5
CVE-2016-0355 MEDIUM
IBM Sametime Enterprise Meeting Server <9.0 - CSRF
CVSS 6.5
CVE-2016-9716 HIGH
IBM InfoSphere Master Data Management Server 11.0 11.3 11.4 11.5 11.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-9714 HIGH
IBM InfoSphere Master Data Management Server 10.1-11.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-7507 HIGH
GLPI 0.90.4 - Authenticated Cross-Site Request Forgery
CVSS 8.0
CVE-2016-1000218 HIGH
Kibana Reporting 2.4.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-7822 HIGH
Buffalo WNC01WH <= 1.0.0.8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-7809 HIGH
Corega CG-WLR300NX Firmware <= 1.20 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-4909 MEDIUM
Cybozu Garoon 3.0.0-4.2.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2016-4907 HIGH
Cybozu Garoon 3.0.0-4.2.2 - Cross-Site Request Forgery Token Exposure
CVSS 8.8
CVE-2016-9991 HIGH
IBM Sterling Order Management 9.2-9.5 - Cross-Site Request Forgery
CVSS 8.0
CVE-2016-8229 HIGH
Lenovo Service Bridge < 4 - Cross-Site Request Forgery via DHCP Server
CVSS 8.8
CVE-2016-4904 HIGH
WP-OliveCart < 3.1.3 and WP-OliveCartPro < 3.1.8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-4854 HIGH
NTT DOCOMO L-04D Firmware V10a and V10b - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-3403 HIGH
Zimbra Collaboration Suite < 8.6.0 - Cross-Site Request Forgery in Admin Console
CVSS 8.8
CVE-2016-4887 HIGH
baserCMS plugin Uploader <= 3.0.10 - Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities 9,384
Exploit Likelihood Medium