CVE-2014-2358

CVE-2014-2358: Fox-IT DataDiode Appliance CSRF

Vendor Fox-It

Product DataDiode Appliance

Weakness CWE-352 · CSRF

Published October 19, 2014

Last update October 3, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions.

Key dates

02Disclosure timeline

October 19, 2014 CVE published

October 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2014-2358 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-68158 Authlib: 1-click Account Takeover CVE-2025-48303 WordPress Post Type Converter plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability CVE-2023-51535 WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2020-15135 CSRF vulnerability in save-server CVE-2025-12879 User Generator and Importer <= 1.2.2 - Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation