
2198 matches found

NVD
added 2020/10/15 7:15 p.m., 14 views

CVE-2020-15794

A vulnerability has been identified in Desigo Insight All versions. Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system...

CVSS: 4.3, EPSS: 0.00764
Exploits: 0, References: 2
Prion
added 2020/10/15 7:15 p.m., 12 views

SQL injection

A vulnerability has been identified in Desigo Insight All versions. The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack...

CVSS: 4, AI score: 5.2, EPSS: 0.00983
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2020/10/15 7:15 p.m., 11 views

Design/Logic Flaw

A vulnerability has been identified in Desigo Insight All versions. The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...

CVSS: 5.8, AI score: 5.3, EPSS: 0.00727
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2020/10/15 7:15 p.m., 18 views

Information disclosure

A vulnerability has been identified in Desigo Insight All versions. Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system...

CVSS: 4, AI score: 4.5, EPSS: 0.00764
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2020/10/15 6:45 p.m., 47 views

CVE-2020-15794

CVE-2020-15794 affects Siemens Desigo Insight (All versions). The web application may reveal absolute file system paths in error messages, enabling an authenticated attacker to retrieve additional information about the host system (information disclosure). Mitigations documented by vendors includ...

CVSS: 4.3, AI score: 4.3, EPSS: 0.00764
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2020/10/15 6:45 p.m., 18 views

CVE-2020-15794

A vulnerability has been identified in Desigo Insight All versions. Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system...

AI score: 4.4, EPSS: 0.00764
Exploits: 0, References: 2
CVE
added 2020/10/15 6:45 p.m., 48 views

CVE-2020-15793

CVE-2020-15793 affects Siemens Desigo Insight (all versions). The vulnerability stems from not properly setting the X-Frame-Options header, enabling clickjacking that could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user. The ICSA advisory notes th...

CVSS: 5.8, AI score: 5.3, EPSS: 0.00727
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2020/10/15 6:45 p.m., 18 views

CVE-2020-15793

A vulnerability has been identified in Desigo Insight All versions. The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...

AI score: 5.4, EPSS: 0.00727
Exploits: 0, References: 2
CVE
added 2020/10/15 6:45 p.m., 53 views

CVE-2020-15792

CVE-2020-15792 affects Siemens Desigo Insight (All versions). The issue is an improper input validation on certain query parameters in a reserved area, enabling an authenticated attacker to retrieve data via a content-based blind SQL injection attack (SQL Injection). CVSS v3 base score 4.3 (vecto...

CVSS: 4.3, AI score: 5.1, EPSS: 0.00983
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2020/10/15 6:45 p.m., 21 views

CVE-2020-15792

A vulnerability has been identified in Desigo Insight All versions. The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack...

AI score: 5.1, EPSS: 0.00983
Exploits: 0, References: 2
Tibco
added 2020/10/15 4:47 p.m., 22 views

TIBCO Security Advisory: October 20, 2020 - TIBCO Foresight

TIBCO Foresight SQL Injection. Original release date: October 20, 2020. Last revised: ---. CVE-2020-9417. Source: TIBCO Software Inc. Systems Affected: TIBCO Foresight Archive and Retrieval...

CVSS: 8.8, AI score: 8.9, EPSS: 0.00856
Exploits: 0, Affected Software: 6
IBM Security Bulletins
added 2020/10/14 10:44 p.m., 15 views

Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by an Apache Commons Codec vulnerability

Summary Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in Apache Commons Codec Vulnerability Details Third Party Entry: 177835 DESCRIPTION: Apache Commons Codec information disclosure CVSS Base score: 7.5 CVSS Temporal Score: See:...

AI score: 1.3
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2020/10/14 12:56 p.m., 27 views

Security Bulletin: Netcool Operations Insight component IBM Network Performance Insight 1.3.1 affected by CVE-2020-14195

Summary Netcool Operations Insight component IBM Network Performance Insight 1.3.1 affected by CVE-2020-14195 Vulnerability Details CVEID: CVE-2020-14195 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe...

CVSS: 8.1, AI score: 1.6, EPSS: 0.04511
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2020/10/14 12:51 p.m., 30 views

Security Bulletin: Netcool Operations Insight component IBM Network Performance Insight 1.3.1 affected by CVE-2020-14062

Summary Netcool Operations Insight component IBM Network Performance Insight 1.3.1 affected by CVE-2020-14062 Vulnerability Details CVEID: CVE-2020-14062 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe...

CVSS: 8.1, AI score: 1.6, EPSS: 0.08072
Exploits: 0, Affected Software: 1
ICS
added 2020/10/13 12:0 a.m., 48 views

Siemens Desigo Insight

1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Desigo Insight Vulnerabilities: SQL Injection, Improper Restriction of Rendered UI Layers or Frames, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION...

CVSS: 5.8, AI score: 5.7, EPSS: 0.00983
Exploits: 0, References: 9
Openbugbounty
added 2020/10/01 10:23 a.m., 10 views

uk.insight.com Cross Site Request Forgery vulnerability OBB-1375908

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits: 0
IBM Security Bulletins
added 2020/09/30 5:41 p.m., 36 views

Security Bulletin: A vulnerability in Netty affects IBM Netcool Agile Service Manager

Summary A vulnerability in Netty used by IBM Netcool Agile Service Manager. IBM Netcool Agile Service Manager has addressed the CVE. Vulnerability Details CVEID: CVE-2020-11612 DESCRIPTION: Netty is vulnerable to a denial of service, caused by unbounded memory allocation while decoding a...

CVSS: 7.5, AI score: 1.5, EPSS: 0.09438
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2020/09/29 1:31 p.m., 32 views

Security Bulletin: Version 5.0.5 of Redis included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability (CVE-2020-14147)

Summary Security Bulletin: Version 5.0.5 of Redis included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability Vulnerability Details CVEID: CVE-2020-14147 DESCRIPTION: Redis is vulnerable to a denial of service, caused by an integer overflow in the getnum function in luastruct....

CVSS: 7.7, AI score: 2, EPSS: 0.03085
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2020/09/29 1:30 p.m., 8 views

Security Bulletin: Version 4.17.15 of Node.js module lodash included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability

Summary Security Bulletin: Version 4.17.15 of Node.js module lodash included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability Vulnerability Details Third Party Entry: 183560 DESCRIPTION: Node.js lodash module denial of service CVSS Base score: 7.5 CVSS Temporal Score: See:...

AI score: 1.1
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2020/09/08 8:36 p.m., 53 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Predictive Insight

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Predictive Insight. IBM Predictive Insight has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption” vulnerability. Vulnerability...

CVSS: 10, AI score: 9.2, EPSS: 0.82112
Exploits: 2, Affected Software: 1