|
248831
|
4.3 |
MEDIUM
Network
|
ibm
|
financial_transaction_manager
|
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Forc…
|
CWE-384
Session Fixation
|
CVE-2017-1152
|
2024-11-21 12:21 |
2017-04-15 |
|
248832
|
5.3 |
MEDIUM
Network
|
ibm
|
tririga_application_platform
|
The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084.
|
NVD-CWE-noinfo
|
CVE-2017-1180
|
2024-11-21 12:21 |
2017-04-6 |
|
248833
|
4.3 |
MEDIUM
Network
|
ibm
|
tririga_application_platform
|
The IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 20010…
|
NVD-CWE-noinfo
|
CVE-2017-1171
|
2024-11-21 12:21 |
2017-04-1 |
|
248834
|
6.5 |
MEDIUM
Network
|
ibm
|
algo_one
|
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: …
|
CWE-200
Information Exposure
|
CVE-2017-1154
|
2024-11-21 12:21 |
2017-04-1 |
|
248835
|
8.8 |
HIGH
Network
|
ibm
|
tririga_application_platform
|
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563.
|
NVD-CWE-noinfo
|
CVE-2017-1153
|
2024-11-21 12:21 |
2017-03-28 |
|
248836
|
5.3 |
MEDIUM
Network
|
ibm
|
kenexa_lcms_premier
|
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could…
|
CWE-200
Information Exposure
|
CVE-2017-1143
|
2024-11-21 12:21 |
2017-03-28 |
|
248837
|
6.5 |
MEDIUM
Network
|
ibm
|
kenexa_lcms_premier
|
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By interc…
|
CWE-200
Information Exposure
|
CVE-2017-1142
|
2024-11-21 12:21 |
2017-03-28 |
|
248838
|
6.1 |
MEDIUM
Network
|
ibm
|
websphere_portal
|
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1120
|
2024-11-21 12:21 |
2017-03-28 |
|
248839
|
4.3 |
MEDIUM
Network
|
ibm
|
algo_one
|
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference #: 1999754.
|
CWE-200
Information Exposure
|
CVE-2017-1155
|
2024-11-21 12:21 |
2017-03-21 |
|
248840
|
8.1 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the syste…
|
NVD-CWE-noinfo
|
CVE-2017-1151
|
2024-11-21 12:21 |
2017-03-21 |
|