|
255791
|
4.3 |
MEDIUM
Network
|
ibm
|
rational_collaborative_lifecycle_management
rational_quality_manager
rational_team_concert
rational_doors_next_generation
rational_engineering_lifecycle_manager
rational_rhapsody_desig…
|
An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 12366…
|
NVD-CWE-noinfo
|
CVE-2017-1191
|
2024-11-21 12:21 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255792
|
5.4 |
MEDIUM
Network
|
ibm
|
business_process_manager
|
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1494
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255793
|
5.3 |
MEDIUM
Network
|
ibm
|
websphere_portal
|
IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476.
|
CWE-200
Information Exposure
|
CVE-2017-1423
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255794
|
3.3 |
LOW
Local
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cooki…
|
CWE-384
Session Fixation
|
CVE-2017-1270
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255795
|
5.4 |
MEDIUM
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1266
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255796
|
6.1 |
MEDIUM
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split respo…
|
CWE-113
HTTP Response Splitting
|
CVE-2017-1262
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255797
|
3.3 |
LOW
Local
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736.
|
CWE-200
Information Exposure
|
CVE-2017-1261
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255798
|
4.3 |
MEDIUM
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684.
|
CWE-200
Information Exposure
|
CVE-2017-1257
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255799
|
6.1 |
MEDIUM
Network
|
ibm
|
inotes
|
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1421
|
2024-11-21 12:21 |
2017-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255800
|
4.3 |
MEDIUM
Network
|
ibm
|
rational_quality_manager
rational_team_concert
rational_doors_next_generation
rational_engineering_lifecycle_manager
rational_rhapsody_design_manager
rational_software_architect_design…
|
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.
|
CWE-200
Information Exposure
|
CVE-2017-1507
|
2024-11-21 12:21 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
