Lucene search
K

71 matches found

Prion
Prion
added 2019/11/22 4:15 p.m.19 views

Design/Logic Flaw

IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187...

4.9CVSS4.8AI score0.00611EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/11/22 3:21 p.m.22 views

CVE-2019-4215

IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...

6.1CVSS6.1AI score0.00897EPSS
Exploits0References2
CVE
CVE
added 2019/11/22 3:21 p.m.65 views

CVE-2019-4216

CVE-2019-4216 affects IBM Operations Analytics - Log Analysis (formerly SmartCloud/Log Analysis) versions 1.3.1–1.3.5. The vulnerability is a host header injection in HTTP requests, which could lead to HTTP cache poisoning or firewall bypass. The IBM security bulletin confirms the affected versio...

4.9CVSS5.1AI score0.00611EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/11/22 3:21 p.m.50 views

CVE-2019-4214

CVE-2019-4214 affects IBM SmartCloud Analytics / IBM Operations Analytics - Log Analysis versions 1.3.1–1.3.5. The issue is that authorization tokens and session cookies lack the Secure attribute, potentially allowing sensitive information to be exposed via MITM attacks. The NVD/NVD-derived data ...

4.3CVSS4AI score0.00477EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/11/22 3:21 p.m.20 views

CVE-2019-4214

IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185...

3.7CVSS3.6AI score0.00477EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:3 p.m.35 views

Security Bulletin: IBM SmartCloud Analytics - Log Analysis is affected by Open Source Python Vulnerability (CVE-2014-9365)

Summary IBM SmartCloud Analytics - Log Analysis product bundles the Open Source Python which is vulnerable to CVE-2014-9365 Vulnerability Details CVEID: CVE-2014-9365 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by the failure to validate TLS certifica...

5.8CVSS0.4AI score0.03269EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 2:38 p.m.25 views

Security Bulletin: Cross-site scripting in Oauth (CVE-2013-6738)

Summary Cross-site scripting in Oauth Vulnerability Details CVE ID: CVE-2013-6738 DESCRIPTION: OAuth /authorize endpoint will return an invalid query param in the response. This allows a script to be injected in the response. CVSS: CVSS Base Score: 4.3 CVSS Temporal Score: See for the current sco...

4.3CVSS0.8AI score0.02077EPSS
Exploits0Affected Software1
NVD
NVD
added 2014/04/24 10:55 a.m.13 views

CVE-2013-6738

Cross-site scripting XSS vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint...

4.3CVSS5.4AI score0.02077EPSS
Exploits0References7
Prion
Prion
added 2014/04/24 10:55 a.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint...

4.3CVSS5.9AI score0.02077EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2014/04/24 10:0 a.m.59 views

CVE-2013-6738

CVE-2013-6738 is an XSS vulnerability in IBM SmartCloud Analytics Log Analysis (OAuth endpoint) and in IBM WebSphere Application Server OAuth functionality. The initial entry states that IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 prior to 1.2.0.0-CSI-SCALA-IF0003 can be exploited to inject...

4.3CVSS7.4AI score0.02077EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2014/04/24 10:0 a.m.25 views

CVE-2013-6738

Cross-site scripting XSS vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint...

5.4AI score0.02077EPSS
Exploits0References7
Rows per page
Query Builder