CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

IBM Security Bulletins•added 2022/09/26 5:45 a.m.•18 views

Security Bulletin: IBM SPSS Modeler Premium - Text Analytics SSL Spoofing (CVE-2012-5785)

Abstract Last updated on December 11, 2012. When using the Text Analytics Server from the IBM SPSS Modeler Premium product with the SSL option enabled default is disabled, then an SSL connection can be established without verifying the hostname of the target connection against the name on the SSL...

5.8CVSS8.7AI score0.00493EPSS

Exploits1Affected Software1

Github Security Blog•added 2022/05/14 2:44 a.m.•40 views

Improper Neutralization of Input During Web Page Generation in Apache Axis2

Cross-site scripting XSS vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary w...

4.3CVSS3.3AI score0.26903EPSS

Exploits1References8Affected Software1

Prion•added 2012/11/04 10:55 p.m.•13 views

Code injection

Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS6.9AI score0.00493EPSS

Exploits1References4Affected Software1

Tenable Nessus•added 2010/11/11 12:0 a.m.•44 views

IBM WebSphere Application Server 7.0 < Fix Pack 13 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 before Fix Pack 13 appears to be running on the remote host. As such, it is reportedly affected by the following vulnerabilities : - A cross-site scripting vulnerability exists in the administrative console due to improper filtering on input values. PM14251 - ...

10CVSS7.9AI score0.06711EPSS

Exploits3References12