9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Synthetic Playback Agent has addressed the following vulnerabilities:
CVE-ID: CVE-2019-11699
CVE-ID: CVE-2019-11700
CVE-ID: CVE-2019-11698
CVE-ID: CVE-2019-9800
CVE-ID: CVE-2019-11701
CVE-ID: CVE-2019-11699
Description: Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the highlighting of the wrong name during page navigations. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the addressbar.
CVSS Base Score: 6.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/161355> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVE-ID: CVE-2019-11700
Description: Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the use of the res: protocol to open local files at a known location in Internet Explorer. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
CVSS Base Score: 6.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/161354> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVE-ID: CVE-2019-11698
Description: Mozilla Firefox could allow a remote attacker to bypass security restrictions. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using drag and dropt to steal user history data.
CVSS Base Score: 6.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/161353> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVE-ID: CVE-2019-9800
Description: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/161357> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVE-ID: CVE-2019-11701
Description: Mozilla Firefox is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the default webcal: protocol handler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/161356> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Product
|
Affected Versions
—|—
Synthetic Playback Agent
|
8.1.4 - 8.1.4 IF07
Product
|
VRMF
|
APAR
|
Remediation / First Fix
—|—|—|—
Synthetic Playback Agent
|
8.1.4 IF08
|
| 8.1.4.0-IBM-APM-SYNTHETIC-PLAYBACK-AGENT-IF0008
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm application performance management | eq | 8.1.4 |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P