CWE-352

Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.

The administrative daemon (tibdgadmind) of TIBCO Software Inc.’s TIBCO ActiveSpaces – Community Edition, TIBCO ActiveSpaces – Developer Edition, and TIBCO ActiveSpaces – Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.’s TIBCO ActiveSpaces – Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces – Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces – Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0.

The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL – Community Edition, TIBCO FTL – Developer Edition, and TIBCO FTL – Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO FTL – Community Edition: versions up to and including 5.4.0, TIBCO FTL – Developer Edition: versions up to and including 5.4.0, TIBCO FTL – Enterprise Edition: versions up to and including 5.4.0.

The Schema repository server (tibschemad) component of TIBCO Software Inc.’s TIBCO Messaging – Apache Kafka Distribution – Schema Repository – Community Edition, and TIBCO Messaging – Apache Kafka Distribution – Schema Repository – Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging – Apache Kafka Distribution – Schema Repository – Community Edition: 1.0.0, and TIBCO Messaging – Apache Kafka Distribution – Schema Repository – Enterprise Edition: 1.0.0.

The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.’s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.’s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2.

The Central Administration server (emsca) component of TIBCO Software Inc.’s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service – Community Edition, and TIBCO Enterprise Message Service – Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.’s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service – Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service – Developer Edition: versions 8.4.0 and below.