|
253411
|
3.3 |
LOW
Local
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cooki…
|
CWE-384
Session Fixation
|
CVE-2017-1270
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253412
|
5.4 |
MEDIUM
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1266
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253413
|
6.1 |
MEDIUM
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split respo…
|
CWE-113
HTTP Response Splitting
|
CVE-2017-1262
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253414
|
3.3 |
LOW
Local
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736.
|
CWE-200
Information Exposure
|
CVE-2017-1261
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253415
|
4.3 |
MEDIUM
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684.
|
CWE-200
Information Exposure
|
CVE-2017-1257
|
2024-11-21 12:21 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253416
|
6.1 |
MEDIUM
Network
|
ibm
|
inotes
|
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1421
|
2024-11-21 12:21 |
2017-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253417
|
4.3 |
MEDIUM
Network
|
ibm
|
rational_quality_manager
rational_team_concert
rational_doors_next_generation
rational_engineering_lifecycle_manager
rational_rhapsody_design_manager
rational_software_architect_design…
|
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.
|
CWE-200
Information Exposure
|
CVE-2017-1507
|
2024-11-21 12:21 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253418
|
5.4 |
MEDIUM
Network
|
ibm
|
connections
|
IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1498
|
2024-11-21 12:21 |
2017-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253419
|
3.7 |
LOW
Network
|
ibm
|
sterling_file_gateway
|
IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695.
|
CWE-200
Information Exposure
|
CVE-2017-1497
|
2024-11-21 12:21 |
2017-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253420
|
6.5 |
MEDIUM
Network
|
ibm
|
sterling_file_gateway
|
IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626.
|
CWE-200
Information Exposure
|
CVE-2017-1487
|
2024-11-21 12:21 |
2017-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
