|
255381
|
7.5 |
HIGH
Network
|
ibm
|
websphere_commerce
|
IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779.
|
NVD-CWE-noinfo
|
CVE-2017-1569
|
2024-11-21 12:22 |
2017-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255382
|
6.1 |
MEDIUM
Network
|
ibm
|
datapower_gateway
|
IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1591
|
2024-11-21 12:22 |
2017-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255383
|
7.5 |
HIGH
Network
|
ibm
|
websphere_portal
|
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences …
|
CWE-22
Path Traversal
|
CVE-2017-1577
|
2024-11-21 12:22 |
2017-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255384
|
8.8 |
HIGH
Network
|
ibm
|
business_process_manager
|
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LD…
|
NVD-CWE-noinfo
|
CVE-2017-1539
|
2024-11-21 12:22 |
2017-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255385
|
5.4 |
MEDIUM
Network
|
ibm
|
business_process_manager
|
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1531
|
2024-11-21 12:22 |
2017-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255386
|
5.4 |
MEDIUM
Network
|
ibm
|
business_process_manager
|
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1530
|
2024-11-21 12:22 |
2017-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255387
|
8.1 |
HIGH
Network
|
ibm
|
business_process_manager
|
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sen…
|
CWE-611
XXE
|
CVE-2017-1527
|
2024-11-21 12:22 |
2017-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255388
|
4.3 |
MEDIUM
Network
|
ibm
|
api_connect
|
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.
|
CWE-20
Improper Input Validation
|
CVE-2017-1555
|
2024-11-21 12:22 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255389
|
6.1 |
MEDIUM
Network
|
ibm
|
api_connect
|
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploi…
|
CWE-20
Improper Input Validation
|
CVE-2017-1551
|
2024-11-21 12:22 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255390
|
6.5 |
MEDIUM
Network
|
ibm
|
api_connect
|
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 13…
|
CWE-20
Improper Input Validation
|
CVE-2017-1556
|
2024-11-21 12:22 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
