|
248711
|
8.2 |
HIGH
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive …
|
CWE-611
XXE
|
CVE-2017-1192
|
2024-11-21 12:21 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248712
|
8.8 |
HIGH
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or …
|
CWE-89
SQL Injection
|
CVE-2017-1174
|
2024-11-21 12:21 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248713
|
5.4 |
MEDIUM
Network
|
ibm
|
rational_engineering_lifecycle_manager
|
IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the …
|
CWE-79
Cross-site Scripting
|
CVE-2017-1168
|
2024-11-21 12:21 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248714
|
5.4 |
MEDIUM
Network
|
ibm
|
emptoris_strategic_supply_management
emptoris_supplier_lifecycle_management
|
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-craf…
|
CWE-601
Open Redirect
|
CVE-2017-1448
|
2024-11-21 12:21 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248715
|
4.3 |
MEDIUM
Network
|
ibm
|
maximo_asset_management
maximo_asset_management_essentials
|
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684.
|
CWE-20
Improper Input Validation
|
CVE-2017-1357
|
2024-11-21 12:21 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248716
|
5.4 |
MEDIUM
Network
|
ibm
|
content_navigator
|
IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality …
|
CWE-79
Cross-site Scripting
|
CVE-2017-1331
|
2024-11-21 12:21 |
2017-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248717
|
6.5 |
MEDIUM
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579.
|
NVD-CWE-noinfo
|
CVE-2017-1504
|
2024-11-21 12:21 |
2017-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248718
|
6.1 |
MEDIUM
Network
|
ibm
|
inotes
|
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1327
|
2024-11-21 12:21 |
2017-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248719
|
5.4 |
MEDIUM
Network
|
ibm
|
infosphere_master_data_management_server
|
IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1199
|
2024-11-21 12:21 |
2017-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248720
|
4.9 |
MEDIUM
Network
|
ibm
|
infosphere_information_server
|
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. IBM X-Force ID…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1495
|
2024-11-21 12:21 |
2017-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
