Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Campaign Security Vulnerabilities - January

cve
cve

CVE-2016-0265

IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is...

5.4CVSS

5.5AI Score

0.001EPSS

2017-02-01 08:59 PM
26
cve
cve

CVE-2016-9749

IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206.

4CVSS

3.9AI Score

0.0004EPSS

2018-11-09 01:29 AM
23
cve
cve

CVE-2017-1114

IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152.

5.4CVSS

5.2AI Score

0.001EPSS

2018-09-07 04:00 PM
31
cve
cve

CVE-2017-1115

IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153.

5.4CVSS

5.6AI Score

0.001EPSS

2018-09-07 04:00 PM
25
cve
cve

CVE-2017-1116

IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive details on the client side which could provide information useful for an authenticated user to conduct other attacks. IBM X-Force ID: 121154.

4.3CVSS

4.3AI Score

0.001EPSS

2018-04-27 03:29 PM
26
cve
cve

CVE-2018-1921

IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152857.

5.4CVSS

5.2AI Score

0.001EPSS

2019-07-17 02:15 PM
19
cve
cve

CVE-2018-1941

IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. IBM X-Force ID: 153382.

8.4CVSS

7.1AI Score

0.0004EPSS

2018-12-05 05:29 PM
21
cve
cve

CVE-2019-4384

IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162172.

4.3CVSS

4.5AI Score

0.001EPSS

2019-06-19 02:15 PM
63