|
253021
|
5.4 |
MEDIUM
Network
|
ibm
|
business_process_manager
|
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1494
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253022
|
5.3 |
MEDIUM
Network
|
ibm
|
websphere_portal
|
IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476.
|
CWE-200
Information Exposure
|
CVE-2017-1423
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253023
|
3.3 |
LOW
Local
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cooki…
|
CWE-384
Session Fixation
|
CVE-2017-1270
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253024
|
5.4 |
MEDIUM
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1266
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253025
|
6.1 |
MEDIUM
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split respo…
|
CWE-113
HTTP Response Splitting
|
CVE-2017-1262
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253026
|
3.3 |
LOW
Local
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736.
|
CWE-200
Information Exposure
|
CVE-2017-1261
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253027
|
4.3 |
MEDIUM
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684.
|
CWE-200
Information Exposure
|
CVE-2017-1257
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253028
|
6.1 |
MEDIUM
Network
|
ibm
|
inotes
|
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1421
|
2024-11-21 12:21 |
2017-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253029
|
4.3 |
MEDIUM
Network
|
ibm
|
rational_quality_manager
rational_team_concert
rational_doors_next_generation
rational_engineering_lifecycle_manager
rational_rhapsody_design_manager
rational_software_architect_design…
|
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.
|
CWE-200
Information Exposure
|
CVE-2017-1507
|
2024-11-21 12:21 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253030
|
5.4 |
MEDIUM
Network
|
ibm
|
connections
|
IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1498
|
2024-11-21 12:21 |
2017-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
