CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Summary An authenticated user of ViewONE may be able to access ViewONE cached content that they do not have repository authorisation to view. Vulnerability Details CVEID:CVE-2020-4720 DESCRIPTION: IBM Daeja ViewONE Professional, Standard & Virtual could allow an authenticated user to obtain...

5.4AI score

Exploits0Affected Software1

IBM Security Bulletins•added 2024/10/14 5:58 a.m.•33 views

Security Bulletin: IBM Daeja ViewONE Virtual 5.0.14 iFix 5 addresses CVE-2017-9096

Summary IBM Daeja ViewONE Virtual 5.0.14 iFix 5 released on October 3, 2024 addresses the vulnerable library iText reported under CVE-2017-9096 by removing it. Vulnerability Details CVEID:CVE-2017-9096 DESCRIPTION: iText PDF Library could allow a remote authenticated attacker to obtain sensitive...

8.8CVSS6AI score0.07637EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2024/08/02 3:35 a.m.•16 views

Security Bulletin: IBM Content Navigator is vulnerable to Cross Site Port Attack due to Daeja ViewONE (CVE-2024-31897)

Summary Daeja ViewOne Virtual is used by IBM Content Navigator as part of the document viewer. CVE-2024-31897 Vulnerability Details CVEID:CVE-2024-31897 DESCRIPTION: IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0....

4.3CVSS4.7AI score0.00124EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2024/01/11 12:36 a.m.•45 views

Security Bulletin: IBM Content Navigator is vulnerable to a Code Inject Exploit due to Daeja ViewOne Virtual (CVE-2023-40684)

Summary Daeja ViewOne Virtual is used by IBM Content Navigator as part of the document viewer. CVE-2023-40684. Vulnerability Details CVEID:CVE-2023-40684 DESCRIPTION: IBM Content Navigator with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to emb...

5.4CVSS5AI score0.00074EPSS

Exploits0Affected Software1

OSV•added 2023/10/04 2:15 p.m.•1 views

CVE-2023-40684

IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

5.4CVSS6AI score

Exploits0References2

Prion•added 2023/10/04 2:15 p.m.•14 views

Cross site scripting

4.9CVSS5.3AI score0.00074EPSS

Exploits0References2Affected Software1

CVE•added 2023/10/04 1:38 p.m.•61 views

CVE-2023-40684

CVE-2023-40684 affects IBM Content Navigator on 3.0.11/3.0.13/3.0.14 when used with IBM Daeja ViewOne Virtual. The issue is a cross-site scripting vulnerability that lets a user embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Docum...

5.4CVSS4.9AI score0.00074EPSS

Exploits0References2Affected Software1

IBM Security Bulletins•added 2023/07/18 4:15 p.m.•36 views

Security Bulletin: Daeja ViewONE may be affected by Bouncy Castle Vulnerability (CVE-2023-33201)

Summary ViewONE has a bundled version of Bouncy Castle containing a known security issue. Vulnerability Details CVEID:CVE-2023-33201 DESCRIPTION: The Bouncy Castle Crypto Package For Java bc-java could allow a remote attacker to obtain sensitive information, caused by not validating the X.500 nam...

5.3CVSS6.3AI score0.00326EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2021/01/28 7:16 p.m.•19 views

Security Bulletin: Daeja ViewONE Professional, Standard & Virtual does not have limits for large or slow workloads.

Summary ViewONE does not ensure that content is small enough before completing work, nor does it have timeouts for some processes. Vulnerability Details CVEID: CVE-2017-1212 DESCRIPTION: IBM Daeja ViewONE Professional, Standard & Virtual is vulnerable to a denial of service when viewing or openin...

6.5CVSS1.5AI score0.00241EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2021/01/28 7:16 p.m.•20 views

Security Bulletin: Daeja ViewONE Professional, Standard & Virtual components do not set a character set or nosniff headers

Summary Responses from ViewONE server-side components include a mime-type without a character set and no X-Content-Type-Options=nosniff header. Vulnerability Details CVEID: CVE-2017-1209 DESCRIPTION: IBM Daeja ViewONE Professional, Standard & Virtual is vulnerable to cross-site scripting. This...

5.4CVSS2.1AI score0.00184EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2021/01/28 7:16 p.m.•13 views

Security Bulletin: Daeja ViewONE Virtual is affected by a Cross-Site Scripting vulnerability

Summary IBM Daeja ViewONE Virtual is vulnerable to Persistent Cross-site Scripting attack Vulnerability Details CVEID: CVE-2018-1399 DESCRIPTION: IBM Daeja ViewONE Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus...

5.4CVSS1.7AI score0.00237EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2021/01/28 7:16 p.m.•24 views

Security Bulletin: Daeja ViewONE Professional, Standard & Virtual is affected by a disclosing sensitive data when logging is enabled vulnerability

Summary Daeja ViewONE Professional, Standard & Virtual has addressed the following vulnerability. When logging is enabled in Daeja ViewONE, the user's current session ID can be written to log files or standard output. Vulnerability Details CVEID: CVE-2017-1211 DESCRIPTION: IBM Daeja ViewONE...

2.5CVSS1.2AI score0.00045EPSS

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by