41 matches found

CNNVD
added 2024/12/03 12:0 a.m. | 3 views

IBM Cognos Controller Encryption Issue Vulnerability

IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines (IBM). The product features process automation, financial audit control, and the creation and management of financial reports. An encryption issue vulnerability exists in IBM Cognos...

CVSS 7.5 | AI score 6.5 | EPSS 0.00063
Exploits 0 | References 1

Packet Storm
added 2024/10/18 12:0 a.m. | 457 views

IBM Security Verify Access 10.0.8 Open Redirection

IBM Security Verify Access = 10.0.0. Contents: 0. Overview 1. Detailed Description 2. Proof Of Concept 3. Solution 4. Disclosure Timeline 5. References 6. Credits 7. Legal Notices. Revision: 1.0...

CVSS 8.2 | AI score 7.1 | EPSS 0.02244
Exploits 3

Vulnrichment
added 2024/08/29 4:39 p.m. | 18 views

CVE-2024-35133 IBM Security Verify Access HTTP open redirect

IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL...

CVSS 6.8 | AI score 6.8 | EPSS 0.02244
Exploits 3 | References 2

NVD
added 2023/07/19 1:15 a.m. | 16 views

CVE-2023-30433

IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious W...

CVSS 6.5 | AI score 6.1 | EPSS 0.00071
Exploits 0 | References 2

IBM Security Bulletins
added 2023/06/06 3:30 p.m. | 22 views

Security Bulletin: "Administration Console can be switched to debug mode" may affect IBM CICS TX Standard

Summary: "Administration Console can be switched to debug mode" may affect IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2023-33848 DESCRIPTION: IBM CICS TX could allow a privileged user to obtain highly sensitive information by enabli...

CVSS 6.5 | AI score 5.3 | EPSS 0.00278
Exploits 0 | Affected Software 1

NVD
added 2022/08/30 7:15 p.m. | 11 views

CVE-2021-29864

IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a...

CVSS 6.8 | EPSS 0.00094
Exploits 0 | References 2

IBM Security Bulletins
added 2022/08/19 9:4 p.m. | 17 views

Security Bulletin: Vulnerability in URL Redirection affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2016-8961)

Summary IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. This simplifies phishing attacks. Vulnerability Details CVEID: CVE-2016-8961 DESCRIPTION: IBM BigFix Inventory v9.x could...

CVSS 6.1 | AI score 6 | EPSS 0.00154
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2022/07/13 9:4 a.m. | 25 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to disclose highly sensitive information (CVE-2021-39019)

Summary: IBM Engineering Lifecycle Optimization - Publishing Document Builder uses the POST method to submit passwords but can be forced to use the GET method also. Highly sensitive information can be disclosed through an HTTP GET request to an authenticated user. CVE-2021-39019 Vulnerability Detail...

CVSS 6.5 | AI score 0.1 | EPSS 0.00186
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2022/04/12 10:52 p.m. | 25 views

Security Bulletin: IBM Maximo Asset Management is vulnerable to reverse tabnabbing (CVE-2020-4409)

Summary IBM Maximo Asset Management is vulnerable to reverse tabnabbing. Vulnerability Details CVEID: CVE-2020-4409 DESCRIPTION: IBM Maximo Asset Management could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted We...

CVSS 8.2 | AI score 0.7 | EPSS 0.00162
Exploits 0 | Affected Software 19

ATTACKERKB
added 2022/03/31 12:0 a.m. | 3 views

CVE-2022-22327

IBM UrbanCode Deploy UCD 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859...

CVSS 7.5 | AI score 6.6 | EPSS 0.00096
Exploits 0 | References 3 | Affected Software 1

OSV
added 2021/12/21 7:15 p.m. | 1 views

CVE-2021-38900

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607...

CVSS 6.5 | AI score 5.8 | EPSS 0.00247
Exploits 0 | References 3

Prion
added 2021/07/15 6:15 p.m. | 12 views

Open redirect

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a...

CVSS 4.9 | AI score 3.5 | EPSS 0.00104
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2021/07/15 5:16 p.m. | 15 views

CVE-2021-20534

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a...

CVSS 4.5 | AI score 3.7 | EPSS 0.00104
Exploits 0 | References 2

NVD
added 2020/12/21 6:15 p.m. | 14 views

CVE-2020-4840

IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious W...

CVSS 7.4 | AI score 6.1 | EPSS 0.00238
Exploits 0 | References 2

NVD
added 2020/09/16 4:15 p.m. | 12 views

CVE-2020-4409

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would...

CVSS 8.2 | EPSS 0.00162
Exploits 0 | References 2

Cvelist
added 2020/09/16 3:55 p.m. | 21 views

CVE-2020-4409

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would...

CVSS 6.8 | AI score 7.6 | EPSS 0.00162
Exploits 0 | References 2

CNVD
added 2020/08/28 12:0 a.m. | 1 views

IBM Security Guardium Insights Information Disclosure Vulnerability (CNVD-2020-49936)

IBM Security Guardium Insights is a modern hybrid cloud data security hub designed to provide a reliable view of an organization's data security and compliance posture. IBM Security Guardium Insights 2.0.1 suffers from an information disclosure vulnerability that can be exploited by an attacker t...

CVSS 7.5 | AI score 6.1 | EPSS 0.00112
Exploits 0 | References 1

NVD
added 2020/08/24 4:15 p.m. | 10 views

CVE-2020-4598

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a...

CVSS 6.5 | AI score 6 | EPSS 0.00176
Exploits 0 | References 2

Prion
added 2020/08/24 4:15 p.m. | 8 views

Open redirect

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a...

CVSS 5.8 | AI score 5.7 | EPSS 0.00176
Exploits 0 | References 2 | Affected Software 1

NVD
added 2020/02/24 4:15 p.m. | 14 views

CVE-2019-4595

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displaye...

CVSS 6.8 | AI score 5.9 | EPSS 0.0019
Exploits 0 | References 2