CVE-2019-4757
IBM InfoSphere Information Server is vulnerable to cross-site request forgery (CSRF) under CVE-2019-4757. Affected products/versions include IBM InfoSphere Information Server (11.3, 11.5, 11.7) and InfoSphere Information Server on Cloud (11.5, 11.7). The bulletin lists remediation patches and ser...
CVE-2019-4407
CVE-2019-4407 is a confirmed CSRF vulnerability affecting IBM InfoSphere Information Server (and InfoSphere on Cloud) as detailed in IBM’s Security Bulletin. Affected versions: InfoSphere Information Server 11.3, 11.5, 11.7 and InfoSphere Information Server on Cloud 11.5 and 11.7. The issue allow...
CVE-2018-1995
CVE-2018-1995 is documented in the IBM UrbanCode Deploy bulletin as a vulnerability where authenticated web agents could modify another agent’s properties via a crafted request. Affected products are IBM UrbanCode Deploy Web Agents (versions 6.2.7.3–6.2.7.4 and 7.0–7.0.1.1); JMS-based agents are ...
CVE-2018-1613
CVE-2018-1613 is a confirmed vulnerability in IBM Platform Symphony and IBM Spectrum Symphony involving a vertical authorization bypass in the Symping utility. A local attacker could obtain a privileged token and gain privileges or access highly sensitive data. Affected products/versions: IBM Pla...
CVE-2016-6907
CVE-2016-6907 affects F5 BIG-IP TMM SSL/TLS virtual servers using CBC ciphers, enabling a Vaudenay timing/padding oracle attack to potentially reveal plaintext. Vulnerable platforms include BIG-IP on Cavium Nitrox with CBC ciphers (not AES-GCM or RC4); also impacts BIG-IP VE/cloud and specific ha...
CVE-2018-1714
The IBM bulletin confirms CVE-2018-1714 affects IBM Cloud Private 2.1.0 where any user authorized to deploy a Helm chart can install an unsafe chart that runs with privileges greater than the Helm user’s. Impact is privilege escalation within the cluster, with CVSS Base Score 7. Remediation: upgr...
CVE-2018-1681
CVE-2018-1681 affects IBM Data Science Experience Local. The IBM security bulletin confirms a vulnerability that could disclose highly sensitive information to a local unprivileged user. Affected versions are IBM Data Science Experience Local 1.1.0, 1.1.1, 1.1.2, 1.1.3, and 1.2.0. The remediation...
CVE-2018-1769
CVE-2018-1769 affects IBM Spectrum Protect Operations Center (formerly Tivoli Storage Manager Operations Center). The vulnerability occurs when tracing is enabled for OC_TASKS, causing the monitoring ID password to be written in plaintext to trace files. Affected versions are 8.1.0.000–8.1.6.100 ...
CVE-2018-1855
CVE-2018-1855 is an IBM Spectrum Protect Operations Center (formerly Tivoli Storage Manager Operations Center) cross-site scripting vulnerability. Versions affected: 8.1.0.000–8.1.6.100 and 7.1.0.000–7.1.9.100. The flaw allows a remote attacker to inject arbitrary JavaScript into the Web UI, pote...
CVE-2018-1854
IBM Spectrum Protect Operations Center (formerly Tivoli Storage Manager Operations Center) is affected by CVE-2018-1854: a cross-site scripting vulnerability in the Web UI that can lead to credentials disclosure within a trusted session. Affected versions are 8.1.0.000–8.1.6.100 and 7.1.0.000–7.1...
CVE-2018-1589
CVE-2018-1589 is documented in IBM’s Multi-Cloud Data Encryption (MDE) security bulletin as a denial-of-service vulnerability. The issue occurs because MDE does not properly restrict the size or amount of resources requested or influenced by an actor, allowing resource consumption beyond intended...
CVE-2018-1592
CVE-2018-1592 (IBM Multi-Cloud Data Encryption, MDE) is an information-exposure vulnerability caused by storing sensitive data in URL parameters. The IBM reports show affected MDE versions: 2.1-2.1.0.1 and 2.1-2.1.0.2, with remediation available via upgrade to 2.1.0.2 (for 2.1 line) or to 2.2.0.0...
CVE-2017-1579
CVE-2017-1579 is addressed in IBM DOORS Next Generation (DNG/RRC). The IBM Security Bulletin reports a cross-site scripting vulnerability in the Web UI of Rational DOORS Next Generation, allowing an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted sessi...
CVE-2012-1359
CVE-2012-1359, as reserved, has a connected IBM advisory detailing multiple security vulnerabilities in IBM JRE 7.0 SR2 or earlier (and non-IBM Java 7.0 when used with Rational Functional Tester). The bulletin lists numerous CVEs (e.g., CVE-2012-3159 and related issues across JRE components such ...
CVE-2016-6109
CVE-2016-6109 is a cross-site scripting vulnerability in IBM Business Process Manager (BPM) used with IBM Cloud Orchestrator/Enterprise. IBM advisories (IBM BPM/Cloud Orchestrator links) enumerate affected BPM/Cloud Orchestrator versions and state the vulnerability allows embedding arbitrary Java...
CVE-2016-6041
IBM Tealeaf Customer Experience (IBM Tealeaf CX) is affected by CVE-2016-6041: the product does not properly secure session cookies, potentially allowing an authenticated user to obtain sensitive information. Affected versions include IBM Tealeaf CX v8.7 through v9.0.2. Remediation paths are prov...
CVE-2018-1365
Summary: CVE-2018-1365 affects IBM Cloud Event Management and IBM Alert Notification when viewed in Internet Explorer. The vulnerability allows an attacker to hijack a victim’s click actions by loading the affected console in an iframe not belonging to the system, potentially enabling further att...
CVE-2017-1797
IBM Kenexa LCMS Premier on Cloud is affected by a SQL injection vulnerability tracked as CVE-2017-1797. A remote attacker could send specially crafted SQL statements to view, add, modify, or delete data in the back-end database. Affected versions include 9.3 through 11.1; remediation is to upgrad...
SUSE-SU-2023:0463-1 Security update for tar
This update for tar fixes the following issues:
- CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump bsc1207753.
Bug fixes:
- Fix hang when unpacking test tarball bsc1202436...
SUSE CVE-2006-2195
Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php...