|
259921
|
5.3 |
MEDIUM
Network
|
ibm
|
api_connect
|
IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker…
|
NVD-CWE-noinfo
|
CVE-2017-1328
|
2024-11-21 12:21 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259922
|
8.2 |
HIGH
Network
|
ibm
|
api_connect
|
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive informat…
|
CWE-611
XXE
|
CVE-2017-1322
|
2024-11-21 12:21 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259923
|
7.3 |
HIGH
Local
|
ibm
|
data_server_client
data_server_driver_for_odbc_and_cli
data_server_driver_package
data_server_runtime_client
db2
db2_connect
|
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a loca…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1297
|
2024-11-21 12:21 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259924
|
5.4 |
MEDIUM
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1234
|
2024-11-21 12:21 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259925
|
7.1 |
HIGH
Local
|
ibm
|
data_server_client
data_server_driver_for_odbc_and_cli
data_server_driver_package
data_server_runtime_client
db2
db2_connect
|
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial o…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1105
|
2024-11-21 12:21 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259926
|
5.5 |
MEDIUM
Local
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525.
|
CWE-200
Information Exposure
|
CVE-2017-1349
|
2024-11-21 12:21 |
2017-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259927
|
5.4 |
MEDIUM
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1348
|
2024-11-21 12:21 |
2017-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259928
|
8.8 |
HIGH
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or …
|
CWE-89
SQL Injection
|
CVE-2017-1347
|
2024-11-21 12:21 |
2017-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259929
|
5.5 |
MEDIUM
Local
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user view sensitive information due to improper access controls. IBM X-Force ID: 125456.
|
CWE-200
Information Exposure
|
CVE-2017-1302
|
2024-11-21 12:21 |
2017-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259930
|
6.5 |
MEDIUM
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667.
|
CWE-200
Information Exposure
|
CVE-2017-1193
|
2024-11-21 12:21 |
2017-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
