Lucene search
+L

35 matches found

Prion
Prion
added 2021/05/04 4:15 p.m.19 views

Cross site scripting

The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

3.5CVSS5.2AI score0.00495EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/05/04 3:45 p.m.55 views

CVE-2020-4987

CVE-2020-4987 affects IBM FlashSystem 900 user management GUI. Stored XSS in the web UI allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Affected code is VRMF 1.5.2.8 and prior and 1.6.1.2 and prior; fixes are available: 1.6.1.3 (1.6 s...

6.4CVSS5.2AI score0.00495EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/05/03 12:0 a.m.3 views

CVE-2020-4987

The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

6.4CVSS5.9AI score0.00495EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/14 3:19 p.m.37 views

Security Bulletin: Vulnerabilities in Java affect the IBM FlashSystem 900 (CVE-2019-2989 and CVE-2019-2964)

Summary There are two vulnerabilities in Java to which IBM FlashSystem™ 900 is susceptible CVE-2019-2989 and CVE-2019-2964. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact,...

6.8CVSS2AI score0.03533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/03 8:55 p.m.26 views

Security Bulletin: A vulnerability in RC4 stream cipher affects IBM FlashSystem 900 (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects the IBM FlashSystem 900. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

5CVSS1AI score0.73851EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/03 8:50 p.m.31 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM FlashSystem 900 (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects the IBM FlashSystem 900. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

5CVSS6.6AI score0.73851EPSS
Exploits0Affected Software1
CVE
CVE
added 2018/10/18 4:0 p.m.56 views

CVE-2018-1822

CVE-2018-1822 affects IBM FlashSystem 840 and 900 GUI. The vulnerability allows a crafted attack to bypass authentication, enabling remote escalation of privileges and potential administrative control or denial of service. Affected MTMs include FlashSystem 840 (9840-AE1, 9843-AE1) and FlashSystem...

10CVSS9.2AI score0.03432EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/10/18 4:0 p.m.21 views

CVE-2018-1822

IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296...

9.8CVSS9.3AI score0.03432EPSS
Exploits0References2
OSV
OSV
added 2018/10/18 3:29 p.m.6 views

CVE-2018-1822

IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296...

9.8CVSS5.8AI score0.03432EPSS
Exploits0References2
Prion
Prion
added 2018/10/18 3:29 p.m.15 views

Authentication flaw

IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296...

10CVSS9.2AI score0.03432EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2018/10/18 3:29 p.m.20 views

CVE-2018-1822

IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296...

10CVSS9.4AI score0.03432EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:36 a.m.35 views

Security Bulletin: Vulnerability in Mozilla Network Security Services (NSS) affects the IBM FlashSystem models 840 and 900

Summary There is a vulnerability in Mozilla NSS to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of this vulnerability CVE-2016-9074 could make the system susceptible to timing side-channel attacks which could be leveraged to allow launch of further attacks on t...

5.9CVSS7.9AI score0.02452EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:35 a.m.33 views

Security Bulletin: A vulnerability in Open Source Apache Tomcat affects the IBM FlashSystem 900, (CVE-2014-0227)

Summary There is a vulnerability in Open Source Apache Tomcat that is used by the IBM FlashSystem 900 which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service under error scenarios. Vulnerability Details CVE-ID: CVE-2014-0227 Description: Apache Tomcat ...

6.4CVSS0.3AI score0.21045EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:35 a.m.46 views

Security Bulletin: A vulnerability in Open Source OpenSSL affects the IBM FlashSystem 900 (CVE 2015-0286)

Summary There is a vulnerability in Open Source OpenSSL version that is used by the IBM FlashSystem 900. An exploit of this vulnerability could result in a denial of service. Vulnerability Details CVEID: CVE-2015-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error i...

5CVSS0.7AI score0.20706EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:35 a.m.35 views

Security Bulletin: A vulnerability in Open Source Apache Tomcat affects the IBM FlashSystem 900, (CVE-2014-0230)

Summary There is a vulnerability in Open Source Apache Tomcat that is used by the IBM FlashSystem 900 which allows remote attackers to cause a denial of service under certain scenarios. Vulnerability Details CVE-ID: CVE-2014-0230 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service,...

7.8CVSS0.4AI score0.20318EPSS
Exploits0Affected Software1
Rows per page
Query Builder