Lucene search

Control Center Security Vulnerabilities - January

cve

CVE-2016-0252

IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors.

5.1CVSS

4.9AI Score

0.001EPSS

2016-07-08 01:59 AM

cve

CVE-2017-1758

IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. ...

7.1CVSS

6.8AI Score

0.002EPSS

2018-02-21 09:29 PM

cve

CVE-2021-20528

IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198761.

5.4CVSS

5.2AI Score

0.001EPSS

2021-05-19 08:15 PM

cve

CVE-2021-20529

IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763.

5.3CVSS

4.8AI Score

0.001EPSS

2021-05-19 08:15 PM