Lucene search

Mobilefirst Platform Foundation Security Vulnerabilities

cve

CVE-2017-1500

A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get a...

6.1CVSS

5.9AI Score

0.001EPSS

2017-08-01 06:29 PM

cve

CVE-2017-1772

IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ...

6.1CVSS

5.8AI Score

0.001EPSS

2018-04-04 06:29 PM

cve

CVE-2020-4226

IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 175207.

7.5CVSS

6.9AI Score

0.001EPSS

2020-05-27 02:15 PM

cve

CVE-2020-4229

IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. IBM X-Force ID: 175211.

7.3CVSS

7.1AI Score

0.001EPSS

2020-06-05 05:15 PM