122 matches found
CVE-2013-2953
IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate...
CVE-2013-2954
The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack...
CVE-2013-2956
SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-2959
The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows remote attackers to obtain sensitive information by sniffing the network...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, related to a stored XSS issue...
Design/Logic Flaw
IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate...
Authentication flaw
The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack...
Design/Logic Flaw
The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows remote attackers to obtain sensitive information by sniffing the network...
SQL injection
SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
CVE-2013-2953
CVE-2013-2953 affects IBM InfoSphere Optim Data Growth for Oracle E-Business Suite (versions 6.x–9.x) prior to 9.1.0.3. The issue is use of the MD5 algorithm for X.509 certificate signatures, which can enable MITM-style certificate spoofing. The IBM Flash/PR describes the vulnerability and notes ...
CVE-2013-2954
CVE-2013-2954 affects IBM InfoSphere Optim Data Growth for Oracle E-Business Suite (versions 6.0–9.1). The IBM bulletin documents an inadequate account lockout: the Optim E-Business Console login page does not limit consecutive incorrect authentication attempts, enabling potential brute-force acc...
CVE-2013-2955
The CVE-2013-2955 entry is supported by IBM’s Security Bulletin for IBM InfoSphere Optim Data Growth for Oracle E-Business Suite (versions 6.0–9.1 affected). Description: Stored Cross-Site Scripting via a crafted URL could cause an authenticated user to have their browser execute arbitrary script...
CVE-2013-2956
CVE-2013-2956 affects IBM InfoSphere Optim Data Growth for Oracle E-Business Suite (versions 6.x–9.x) prior to 9.1.0.3. The vulnerability is “Authentication Bypass Using SQL Injection” in the Optim E-Business Console, where SQL injection can bypass login, potentially compromising confidentiality ...
CVE-2013-2957
CVE-2013-2957 is an XSS vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite (versions 6.x–9.x) prior to 9.1.0.3. The issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, as described in the IBM advisory for the related family ...
CVE-2013-2959
IBM's advisory for CVE-2013-2959 states that the IBM InfoSphere Optim Data Growth for Oracle E-Business Suite Console does not encrypt login credentials in transit, affecting versions 6.0 through 9.1. Exploitation could allow credentials to be sniffed over the network. The root cause is unencrypted login traff...
CVE-2013-2955
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, related to a stored XSS issue...