HP Insight Diagnostics Online Edition Cross-Site Scripting (CVE-2010-4111)
A script injection vulnerability exists in HP Insight Diagnostics. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Identity Insight (CVE-2020-14621, CVE-2020-14577)
Summary: There are two low-impact vulnerabilities in the IBM Java SDK that is used as part of IBM InfoSphere Identity Insight. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affected Products | Versions | IBM...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Identity Insight (CVE-2020-2754, CVE-2020-2755)
Summary: An unspecified vulnerability in Java SE related to the Java SE Scripting component used by IBM InfoSphere Identity Insight could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. Vulnerability Details: Refer ...
Security Bulletin: Vulnerability in Java SE libraries could allow unauthenticated attacker to cause denial of service
Summary: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. Vulnerability Details: Refer to the security bulletins listed in the...
Security Bulletin: Version 4.0.2 of Node.js module bl included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability
Summary: Security Bulletin: Version 4.0.2 of Node.js module bl included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability. Vulnerability Details: CVEID: CVE-2020-8244. DESCRIPTION: Node.js bl module could allow a remote attacker to obtain sensitive information, caused by a buffer...
Security Bulletin: Version 6.0.2 of Node.js module kind-of included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability
Summary: Security Bulletin: Version 6.0.2 of Node.js module kind-of included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability. Vulnerability Details: Third Party Entry: 177376. DESCRIPTION: Node.js kind-of module security bypass. CVSS Base score: 5.3. CVSS Temporal Score: See:...
CVE-2020-24416
Marketo Sales Insight plugin version 1.4355 and earlier is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to...
CVE-2020-24416 Blind stored XSS in Marketo Sales Insight plugin for Salesforce
Marketo Sales Insight plugin version 1.4355 and earlier is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to...
CVE-2020-24416
CVE-2020-24416 affects Marketo Sales Insight plugin for Salesforce, specifically version 1.4355 and earlier, by a blind stored XSS in vulnerable form fields. Exploitation could cause arbitrary JavaScript execution in a victim’s browser when visiting pages containing the affected field. Multiple s...
CVE-2020-9417
The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight...
CVE-2020-9417 TIBCO Foresight SQL Injection
The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight...
CVE-2020-9417
CVE-2020-9417 affects TIBCO Foresight products (Archive and Retrieval System, Healthcare Edition; Operational Monitor and Healthcare Edition; Transaction Insight and Healthcare Edition) where the Transaction Insight reporting component is vulnerable to an authenticated SQL injection. The issue is...
APSB20-60 Security updates available for Marketo
Marketo has released an update for the Marketo Sales Insight package for Salesforce. This update addresses an important vulnerability. Successful exploitation could lead to arbitrary JavaScript execution in the browser...
CVE-2020-15793
A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP header, which makes it vulnerable to clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...
CVE-2020-15792
A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack...
CVE-2020-15794
A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system...