|
253261
|
7.3 |
HIGH
Network
|
ibm
|
api_connect
|
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an atta…
|
CWE-20
Improper Input Validation
|
CVE-2017-1161
|
2024-11-21 12:21 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253262
|
5.4 |
MEDIUM
Network
|
ibm
|
financial_transaction_manager
|
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI t…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1160
|
2024-11-21 12:21 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253263
|
8.8 |
HIGH
Local
|
ibm
|
spectrum_lsf
|
IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741.
|
NVD-CWE-noinfo
|
CVE-2017-1205
|
2024-11-21 12:21 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253264
|
4.3 |
MEDIUM
Network
|
ibm
|
financial_transaction_manager
|
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Forc…
|
CWE-384
Session Fixation
|
CVE-2017-1152
|
2024-11-21 12:21 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253265
|
5.3 |
MEDIUM
Network
|
ibm
|
tririga_application_platform
|
The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084.
|
NVD-CWE-noinfo
|
CVE-2017-1180
|
2024-11-21 12:21 |
2017-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253266
|
4.3 |
MEDIUM
Network
|
ibm
|
tririga_application_platform
|
The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 20010…
|
NVD-CWE-noinfo
|
CVE-2017-1171
|
2024-11-21 12:21 |
2017-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253267
|
6.5 |
MEDIUM
Network
|
ibm
|
algo_one
|
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: …
|
CWE-200
Information Exposure
|
CVE-2017-1154
|
2024-11-21 12:21 |
2017-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253268
|
8.8 |
HIGH
Network
|
ibm
|
tririga_application_platform
|
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563.
|
NVD-CWE-noinfo
|
CVE-2017-1153
|
2024-11-21 12:21 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253269
|
5.3 |
MEDIUM
Network
|
ibm
|
kenexa_lcms_premier
|
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could…
|
CWE-200
Information Exposure
|
CVE-2017-1143
|
2024-11-21 12:21 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253270
|
6.5 |
MEDIUM
Network
|
ibm
|
kenexa_lcms_premier
|
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By interc…
|
CWE-200
Information Exposure
|
CVE-2017-1142
|
2024-11-21 12:21 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
