Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One - Algo Risk Application (CVE-2017-5648)
Summary IBM Algo One - Algo Risk Application could allow a remote attacker to bypass security restrictions, caused by the failure to use the appropriate facade object by certain application listener calls. Advisory 8335 Vulnerability Details CVE-ID: CVE-2017-5648 Description: Apache Tomcat could...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algorithmics One-Algo Risk Application (CVE-2016-6816)
Summary Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would...
CVE-2016-0207
IBM Algorithmics One-Algo Risk Application ARA 4.9.1 through 5.1.0 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. IBM X-Force ID: 109399...
CVE-2016-0207
Affected product: IBM Algorithmics One-Algo Risk Application (ARA) versions 4.9.1–5.1.0. Vulnerability: remote authenticated users could perform clickjacking by sending specially crafted HTTP requests, effectively hijacking the victim’s click actions. Impact: enables manipulation of user interact...
CVE-2017-1154
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference: 1999892...
CVE-2017-1154
IBM Algo One - Algo Risk Application (ARA) versions 4.9.1, 5.0, and 5.1.0 contain a vulnerability that could allow a user to access files in the local environment that should not be viewable by application users. The IBM security bulletin for CVE-2017-1154 notes this as a file-access issue and li...
IBM Algorithmics One-Algo Risk Application Unauthorized Access Vulnerability
IBM Algorithmics One-Algo Risk Application is a risk management software solution from IBM USA. An unauthorized access vulnerability exists in IBM Algorithmics One-Algo Risk Application. An attacker could exploit this vulnerability to obtain sensitive information that could lead to further attack...
CVE-2017-1155
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference: 1999754...
CVE-2017-1155
IBM Algorithmics One-Algo Risk Application (ARA) versions 4.9.1, 5.0, and 5.1.0 are affected by CVE-2017-1155, which could allow a user to access another user’s reports via a specially crafted HTTP request. Impact: unauthorized access to reports; CVSS v3 base score 4.3 (Network/Low complexity, Pr...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...