|
248901
|
7.1 |
HIGH
Local
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker c…
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-1382
|
2024-11-21 12:21 |
2017-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248902
|
5.4 |
MEDIUM
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1380
|
2024-11-21 12:21 |
2017-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248903
|
5.4 |
MEDIUM
Network
|
ibm
|
rhapsody_design_manager
|
IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker c…
|
CWE-601
Open Redirect
|
CVE-2017-1287
|
2024-11-21 12:21 |
2017-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248904
|
5.4 |
MEDIUM
Network
|
ibm
|
rhapsody_design_manager
|
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1249
|
2024-11-21 12:21 |
2017-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248905
|
5.4 |
MEDIUM
Network
|
ibm
|
rational_software_architect_design_manager
|
IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the in…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1245
|
2024-11-21 12:21 |
2017-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248906
|
3.3 |
LOW
Local
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then…
|
CWE-200
Information Exposure
|
CVE-2017-1381
|
2024-11-21 12:21 |
2017-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248907
|
6.5 |
MEDIUM
Network
|
ibm
|
tririga_application_platform
|
Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867.
|
CWE-200
Information Exposure
|
CVE-2017-1374
|
2024-11-21 12:21 |
2017-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248908
|
8.8 |
HIGH
Network
|
ibm
|
tririga_application_platform
|
Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force …
|
NVD-CWE-noinfo
|
CVE-2017-1373
|
2024-11-21 12:21 |
2017-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248909
|
5.4 |
MEDIUM
Network
|
ibm
|
tririga_application_platform
|
IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1372
|
2024-11-21 12:21 |
2017-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248910
|
8.8 |
HIGH
Network
|
ibm
|
tririga_application_platform
|
Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access…
|
NVD-CWE-noinfo
|
CVE-2017-1371
|
2024-11-21 12:21 |
2017-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
