|
249881
|
5.4 |
MEDIUM
Network
|
ibm
|
urbancode_deploy
|
IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691.
|
CWE-269
Improper Privilege Management
|
CVE-2017-1493
|
2024-11-21 12:21 |
2018-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249882
|
5.4 |
MEDIUM
Network
|
ibm
|
rational_collaborative_lifecycle_management
rational_quality_manager
rational_team_concert
rational_doors_next_generation
rational_engineering_lifecycle_manager
rational_rhapsody_desig…
|
IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1365
|
2024-11-21 12:21 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249883
|
4.3 |
MEDIUM
Network
|
ibm
|
rational_collaborative_lifecycle_management
rational_quality_manager
rational_team_concert
rational_doors_next_generation
rational_engineering_lifecycle_manager
rational_rhapsody_desig…
|
An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 12366…
|
NVD-CWE-noinfo
|
CVE-2017-1191
|
2024-11-21 12:21 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249884
|
5.4 |
MEDIUM
Network
|
ibm
|
business_process_manager
|
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1494
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249885
|
5.3 |
MEDIUM
Network
|
ibm
|
websphere_portal
|
IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476.
|
CWE-200
Information Exposure
|
CVE-2017-1423
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249886
|
3.3 |
LOW
Local
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cooki…
|
CWE-384
Session Fixation
|
CVE-2017-1270
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249887
|
5.4 |
MEDIUM
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1266
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249888
|
6.1 |
MEDIUM
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split respo…
|
CWE-113
HTTP Response Splitting
|
CVE-2017-1262
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249889
|
3.3 |
LOW
Local
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736.
|
CWE-200
Information Exposure
|
CVE-2017-1261
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249890
|
4.3 |
MEDIUM
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684.
|
CWE-200
Information Exposure
|
CVE-2017-1257
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
