
66 matches found

IBM Security Bulletins
added 2018/06/17 10:31 p.m. | 26 views

Security Bulletin: IBM Mobile Foundation, IBM Worklight, and IBM Worklight Foundation are affected by the following Apache Cordova vulnerabilities: CVE-2014-3500, CVE-2014-3501 and CVE-2014-3502

Summary Apache Cordova, which is used by these products, is vulnerable to Cross-Application Scripting (XAS) and Data Exfiltration vulnerabilities. A remote attacker might exploit these vulnerabilities to expose sensitive data from the mobile application. Vulnerability Details CVEID: CVE-2014-3500...

CVSS 6.4 | AI score 0.9 | EPSS 0.04964
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 10:31 p.m. | 99 views

Security Bulletin: IBM Worklight is affected by a vulnerability in OpenSSL (CVE-2014-0160)

Summary A security vulnerability has been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL might allow a remote attacker to obtain sensitive information, which is caused by an error in the TLS/DTLS heartbeat functionality. An attacker might exploit this...

CVSS 7.5 | AI score 0.2 | EPSS 0.99999
Exploits: 87 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 10:31 p.m. | 18 views

Security Bulletin: IBM Worklight Android Pseudo Random Number Generator Weakness (CVE-2013-5391)

Summary Android applications that use Java Cryptography Architecture for key generation, signing or random number generation might not receive cryptographically strong values due to improper initialization of the underlying Pseudo Random Number Generator. Vulnerability Details CVEID: CVE-2013-539...

CVSS 5.3 | AI score 0.8 | EPSS 0.01026
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2018/06/17 10:28 p.m. | 43 views

Security Bulletin: Security vulnerabilities have been identified in multiple components shipped with IBM Intelligent Operations Center (April 2015)

Summary Multiple components are shipped with IBM Intelligent Operations Center. Information about security vulnerabilities affecting some components has been published in security bulletins. Vulnerability Details Consult the following security bulletins for vulnerability details: Vulnerabilities ...

CVSS 9.4 | AI score 1.2 | EPSS 0.98685
Exploits: 0 | Affected Software: 1

CNVD
added 2018/05/02 12:0 a.m. | 2 views

IBM Worklight and Mobile Foundation Weak Password Vulnerability

IBM Worklight and Mobile Foundation are both products of IBM Corporation in the U.S. IBM Worklight is a suite of integrated development environments (IDEs) for developing, testing, running, and managing mobile applications. Mobile Foundation is a suite of software for rapidly creating mobile and...

CVSS 5.3 | AI score 6.7 | EPSS 0.01026
Exploits: 0 | References: 1

NVD
added 2018/04/27 4:29 p.m. | 18 views

CVE-2013-5391

IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.0 Fix Pack 2 make it easier for attackers to defeat cryptographic protection mechanisms by...

CVSS 5.3 | AI score 5.1 | EPSS 0.01026
Exploits: 0 | References: 2

Prion
added 2018/04/27 4:29 p.m. | 17 views

Input validation

IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.0 Fix Pack 2 make it easier for attackers to defeat cryptographic protection mechanisms by...

CVSS 3.5 | AI score 6.6 | EPSS 0.01026
Exploits: 0 | References: 2 | Affected Software: 2

Cvelist
added 2018/04/27 4:0 p.m. | 17 views

CVE-2013-5391

IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.0 Fix Pack 2 make it easier for attackers to defeat cryptographic protection mechanisms by...

AI score 5.1 | EPSS 0.01026
Exploits: 0 | References: 2

CVE
added 2018/04/27 4:0 p.m. | 59 views

CVE-2013-5391

CVE-2013-5391 affects IBM Worklight and Mobile Foundation on Android, where improper initialization of the PRNG and use of the Java Cryptography Architecture in Worklight programs can weaken cryptographic protection. Affected products include IBM Worklight Consumer/Enterprise Editions 5.0.x prior...

CVSS 5.3 | AI score 5 | EPSS 0.01026
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2018/04/04 6:29 p.m. | 17 views

CVE-2017-1772

IBM Worklight IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 6.1 | AI score 5.8 | EPSS 0.01325
Exploits: 0 | References: 3

OSV
added 2018/04/04 6:29 p.m. | 3 views

CVE-2017-1772

IBM Worklight IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 6.1 | AI score 5.4 | EPSS 0.01325
Exploits: 0 | References: 3

Prion
added 2018/04/04 6:29 p.m. | 11 views

Cross site scripting

IBM Worklight IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 4.3 | AI score 5.7 | EPSS 0.01325
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2018/04/04 6:0 p.m. | 20 views

CVE-2017-1772

IBM Worklight IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 6.1 | AI score 5.8 | EPSS 0.01325
Exploits: 0 | References: 3

CVE
added 2018/04/04 6:0 p.m. | 43 views

CVE-2017-1772

CVE-2017-1772 affects IBM Worklight / MobileFirst Platform Foundation (Application Center) across 6.3, 7.0, 7.1, and 8.0. The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within...

CVSS 6.1 | AI score 5.8 | EPSS 0.01325
Exploits: 0 | References: 3 | Affected Software: 1

Packet Storm
added 2017/08/03 12:0 a.m. | 78 views

IBM Worklight / MobileFirst Cross Site Scripting

Reflected Cross-Site Scripting in IBM Worklight OAuth Server Web Api. Table of Contents: 0. Overview 1. Detailed Description 2. Proof Of Concept 3. Solution 4. Disclosure Timeline ...

AI score 6.4 | EPSS 0.00779
Exploits: 1

ThreatPost
added 2017/08/02 3:11 p.m. | 28 views

IBM Patches Reflected XSS in Worklight, MobileFirst

IBM fixed a cross-site scripting vulnerability in two products last month that could have let an attacker execute malicious JavaScript code in a victim’s browser to steal sensitive information, or user credentials. The vulnerability CVE-2017-1500 lingered in the products, Worklight and MobileFirs...

CVSS 4.3 | AI score 6.3 | EPSS 0.00779
Exploits: 1 | References: 8

CNVD
added 2017/08/02 12:0 a.m. | 2 views

IBM Worklight Cross-Site Scripting Vulnerability

IBM Worklight is a suite of solutions for developing, testing, managing and securing HTML5, hybrid and native mobile applications from IBM USA. A cross-site scripting vulnerability exists in IBM Worklight. A remote attacker can inject arbitrary JavaScript code into the Web UI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00779
Exploits: 1 | References: 1

NVD
added 2017/08/01 6:29 p.m. | 13 views

CVE-2017-1500

A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get a...

CVSS 6.1 | AI score 6 | EPSS 0.00779
Exploits: 1 | References: 2

OSV
added 2017/08/01 6:29 p.m. | 8 views

CVE-2017-1500

A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get a...

CVSS 6.1 | AI score 5.9 | EPSS 0.00779
Exploits: 1 | References: 2

Prion
added 2017/08/01 6:29 p.m. | 13 views

Cross site scripting

A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get a...

CVSS 4.3 | AI score 5.9 | EPSS 0.00779
Exploits: 1 | References: 2 | Affected Software: 2