Skip to main content

Industrial CVE-2024-40685

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2026-02-04 psirt@us.ibm.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Feb 04, 2026 - 22:15 nvd
MEDIUM 4.3

DescriptionCVE.org

IBM Operations Analytics - Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics - Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions.

AnalysisAI

Log Analysis versions 1.3.5.0 versions up to 1.3.8.3 is affected by cross-site request forgery (csrf) (CVSS 4.3).

Technical ContextAI

This vulnerability (CWE-352: Cross-Site Request Forgery (CSRF)) affects Log Analysis versions 1.3.5.0. IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions.

Affected ProductsAI

Product: Log Analysis versions 1.3.5.0. Versions: up to 1.3.8.3.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-63624 CRITICAL POC
9.8 Feb 03

Kede Electronics IoT smart water meter monitoring platform v1.0 has a SQL injection allowing attackers to compromise the

CVE-2026-24857 CRITICAL POC
9.8 Jan 28

bulk_extractor digital forensics tool starting from version 1.4 has a heap buffer overflow in its embedded unrar code th

CVE-2026-23519 CRITICAL POC
9.8 Jan 15

RustCrypto CMOV before 0.4.4 emits non-constant-time assembly on ARM Cortex-M0/M0+/M1 targets. Cryptographic operations

CVE-2021-47881 HIGH POC
8.4 Jan 23

dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to over

CVE-2026-22850 HIGH POC
8.3 Jan 19

SQL injection in Koko Analytics for WordPress prior to version 2.1.3 allows unauthenticated attackers to inject maliciou

CVE-2026-22700 HIGH POC
7.5 Jan 10

RustCrypto's SM2 elliptic curve implementation in versions 0.14.0-pre.0 and 0.14.0-rc.0 is vulnerable to denial-of-servi

CVE-2026-26025 HIGH POC
7.5 Feb 24

free5GC SMF versions up to 1.4.1 crash when receiving malformed PFCP SessionReportRequest packets on UDP port 8805, allo

CVE-2026-26024 HIGH POC
7.5 Feb 24

free5GC SMF versions up to 1.4.1 crash when processing malformed PFCP SessionReportRequest messages on the UDP/8805 inte

CVE-2026-25501 HIGH POC
7.5 Feb 24

free5GC SMF versions up to 1.4.1 crash when processing malformed PFCP SessionReportRequest messages on the PFCP interfac

CVE-2019-25291 HIGH POC
7.5 Jan 08

INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that ca

CVE-2026-22689 MEDIUM POC
6.5 Jan 10

Mailpit versions up to 1.28.2 contains a vulnerability that allows attackers to intercept sensitive data such as email c

CVE-2025-64075 CRITICAL
10.0 Feb 11

Authentication bypass via path traversal in ZBT WE2001 router's check_token function. EPSS 0.69% — crafted requests bypa

Share

CVE-2024-40685 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy