73 matches found
EUVD-2017-10169
Malware in sbrugna...
EUVD-2016-0395
Malware in sbrugna...
CVE-2016-9698
IBM Rhapsody DM is affected by CVE-2016-9698 due to an XML External Entity (XXE) processing flaw that can lead to denial of service and potential memory/resource exhaustion. Affected: Rational Software Architect/Design Manager versions 4.0.0–4.0.7, 5.0.0–5.0.2, and 6.0.0–6.0.2. Root cause: XXE in...
Cross site scripting
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998887...
CVE-2016-3015
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998887...
Cross site scripting
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998887...
Design/Logic Flaw
The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference : 2001084...
CVE-2016-3031
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998887...
CVE-2016-8917
IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference : 2000943...
XXE
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference : 2000784...
CVE-2017-1171
The IBM TRIRIGA Application Platform vulnerability CVE-2017-1171 allows an authenticated user to execute Application actions they do not have access to. Affected versions are 3.3.0–3.3.2.5, 3.4.0–3.4.2.5, and 3.5.0–3.5.2.0. Remediation: apply fixes in IBM TRIRIGA Platform 3.3.2.6, 3.4.2.6, or 3.5...
CVE-2016-6031
CVE-2016-6031 affects IBM Rational Quality Manager 4.0–6.0.3 (RQM). It is a cross-site scripting vulnerability in the Web UI that could allow embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The IBM advisory lists multiple CLM/RQM products af...
CVE-2016-6111
IBM Cúram Social Program Management (SPM) is affected by CVE-2016-6111 due to an XML External Entity Injection (XXE) in XML data processing, causing denial of service with potential data exposure and memory depletion. The IBM Security Bulletin lists affected versions across SPM 5.2 SP6 up to 7.0....
Design/Logic Flaw
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference : 1999563...
CVE-2017-1143
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IB...
CVE-2016-6102
CVE-2016-6102 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager). The vulnerability arises because versions 2.5 (2.5.0.7 and earlier) and 2.6 (2.6.0.2 and earlier) store sensitive information in URL parameters, enabling possible information disclosure if URLs are c...
CVE-2017-1120
IBM WebSphere Portal is affected by CVE-2017-1120 (XSS) in the web UI. The Nessus entry notes multiple XSS vulnerabilities impacting IBM WebSphere Portal 8.5.0 before CF14 and 9.0.0 before CF14, allowing an unauthenticated, remote attacker to execute arbitrary script in a user browser session and...
CVE-2017-1153
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference : 1999563...
CVE-2016-8960
IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference : 1993718...
CVE-2017-1120
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 2000152...