73 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-10169

Malware in sbrugna...

8.8 CVSS | 8.8 AI score | 0.01258 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2016-0395

Malware in sbrugna...

9.8 CVSS | 9.2 AI score | 0.02812 EPSS
Exploits 0 | References 4

CVE
added 2017/06/08 9:0 p.m. | 75 views

CVE-2016-9698

IBM Rhapsody DM is affected by CVE-2016-9698 due to an XML External Entity (XXE) processing flaw that can lead to denial of service and potential memory/resource exhaustion. Affected: Rational Software Architect/Design Manager versions 4.0.0–4.0.7, 5.0.0–5.0.2, and 6.0.0–6.0.2. Root cause: XXE in...

8.1 CVSS | 8.1 AI score | 0.01963 EPSS
Exploits 0 | References 4 | Affected Software 1

Prion
added 2017/04/05 6:59 p.m. | 12 views

Cross site scripting

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998887...

3.5 CVSS | 6.4 AI score | 0.00516 EPSS
Exploits 0 | References 2 | Affected Software 1

Prion
added 2017/04/05 6:59 p.m. | 13 views

Design/Logic Flaw

The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference : 2001084...

3.5 CVSS | 5.3 AI score | 0.00723 EPSS
Exploits 0 | References 3 | Affected Software 1

NVD
added 2017/04/05 6:59 p.m. | 22 views

CVE-2016-3015

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998887...

5.4 CVSS | 5.3 AI score | 0.00516 EPSS
Exploits 0 | References 2

Prion
added 2017/04/05 6:59 p.m. | 17 views

Cross site scripting

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998887...

3.5 CVSS | 6.4 AI score | 0.00516 EPSS
Exploits 0 | References 2 | Affected Software 1

NVD
added 2017/04/05 6:59 p.m. | 23 views

CVE-2016-3031

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998887...

5.4 CVSS | 5.3 AI score | 0.00516 EPSS
Exploits 0 | References 2

Prion
added 2017/03/31 6:59 p.m. | 18 views

Xxe

IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference : 2000784...

7.5 CVSS | 7.4 AI score | 0.01517 EPSS
Exploits 0 | References 2 | Affected Software 7

NVD
added 2017/03/31 6:59 p.m. | 15 views

CVE-2016-8917

IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference : 2000943...

8.8 CVSS | 8.7 AI score | 0.00554 EPSS
Exploits 0 | References 2

CVE
added 2017/03/31 6:0 p.m. | 51 views

CVE-2017-1171

The IBM TRIRIGA Application Platform vulnerability CVE-2017-1171 allows an authenticated user to execute Application actions they do not have access to. Affected versions are 3.3.0–3.3.2.5, 3.4.0–3.4.2.5, and 3.5.0–3.5.2.0. Remediation: apply fixes in IBM TRIRIGA Platform 3.3.2.6, 3.4.2.6, or 3.5...

4.3 CVSS | 4.6 AI score | 0.00673 EPSS
Exploits 0 | References 2 | Affected Software 1

CVE
added 2017/03/31 6:0 p.m. | 51 views

CVE-2016-6031

CVE-2016-6031 affects IBM Rational Quality Manager 4.0–6.0.3 (RQM). It is a cross-site scripting vulnerability in the Web UI that could allow embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The IBM advisory lists multiple CLM/RQM products af...

5.4 CVSS | 5.7 AI score | 0.00538 EPSS
Exploits 0 | References 2 | Affected Software 1

CVE
added 2017/03/31 6:0 p.m. | 46 views

CVE-2016-6111

IBM Cúram Social Program Management (SPM) is affected by CVE-2016-6111 due to an XML External Entity Injection (XXE) in XML data processing, causing denial of service with potential data exposure and memory depletion. The IBM Security Bulletin lists affected versions across SPM 5.2 SP6 up to 7.0....

9.1 CVSS | 9.2 AI score | 0.0208 EPSS
Exploits 0 | References 2 | Affected Software 1

Prion
added 2017/03/27 10:59 p.m. | 24 views

Design/Logic Flaw

IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference : 1999563...

6.5 CVSS | 8.5 AI score | 0.01258 EPSS
Exploits 0 | References 2 | Affected Software 1

NVD
added 2017/03/27 10:59 p.m. | 17 views

CVE-2017-1143

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IB...

5.3 CVSS | 5 AI score | 0.00917 EPSS
Exploits 0 | References 2

CVE
added 2017/03/27 10:0 p.m. | 51 views

CVE-2016-6102

CVE-2016-6102 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager). The vulnerability arises because versions 2.5 (2.5.0.7 and earlier) and 2.6 (2.6.0.2 and earlier) store sensitive information in URL parameters, enabling possible information disclosure if URLs are c...

4.3 CVSS | 4.1 AI score | 0.01064 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2017/03/27 10:0 p.m. | 16 views

CVE-2016-8960

IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference : 1993718...

8.6 AI score | 0.01545 EPSS
Exploits 0 | References 2

CVE
added 2017/03/27 10:0 p.m. | 57 views

CVE-2017-1120

IBM WebSphere Portal is affected by CVE-2017-1120 (XSS) in the web UI. The Nessus entry notes multiple XSS vulnerabilities impacting IBM WebSphere Portal 8.5.0 before CF14 and 9.0.0 before CF14, allowing an unauthenticated, remote attacker to execute arbitrary script in a user browser session and...

6.1 CVSS | 6 AI score | 0.00961 EPSS
Exploits 0 | References 3 | Affected Software 1

CVE
added 2017/03/27 10:0 p.m. | 45 views

CVE-2016-8960

The CVE-2016-8960 issue affects IBM Cognos products and describes a privilege-escalation flaw where a user with lower capabilities can adopt a higher-privilege set by intercepting and reusing a higher-privilege cookie in HTTP requests. Connected IBM bulletins specify affected ranges: Cognos Analy...

8.8 CVSS | 8.4 AI score | 0.01545 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2017/03/27 10:0 p.m. | 24 views

CVE-2017-1153

IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference : 1999563...

8.6 AI score | 0.01258 EPSS
Exploits 0 | References 2