Marketing Platform Security Vulnerabilities and Issues — Marketing Platform CVE List

Lucene search

IbmMarketing Platform

13 matches found

CVE•added 2019/06/19 2:15 p.m.•81 views

CVE-2017-1107

IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906.

4.3CVSS4.2AI score0.00354EPSS

CVE•added 2016/06/28 1:59 a.m.•47 views

CVE-2016-0229

Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

6.1CVSS5.9AI score0.00225EPSS

CVE•added 2014/06/28 12:55 a.m.•35 views

CVE-2013-6308

IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection.

4.9CVSS6.7AI score0.00154EPSS

CVE•added 2017/04/17 9:59 p.m.•35 views

CVE-2016-0228

IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236.

5.4CVSS5.4AI score0.00103EPSS

CVE•added 2017/05/22 8:29 p.m.•34 views

CVE-2016-6112

IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282.

8.8CVSS8.4AI score0.00349EPSS

CVE•added 2017/05/05 7:29 p.m.•32 views

CVE-2016-0255

IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security...

6.1CVSS6AI score0.00213EPSS

CVE•added 2018/12/07 4:29 p.m.•30 views

CVE-2018-1920

IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855.

7.1CVSS6.8AI score0.00521EPSS

CVE•added 2014/06/28 12:55 a.m.•29 views

CVE-2013-6311

SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5CVSS7.9AI score0.00278EPSS

CVE•added 2016/06/28 1:59 a.m.•29 views

CVE-2016-0224

SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

9.8CVSS9.7AI score0.00521EPSS

CVE•added 2016/06/28 1:59 a.m.•29 views

CVE-2016-0233

SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

8.8CVSS8.5AI score0.00475EPSS

CVE•added 2018/12/07 4:29 p.m.•29 views

CVE-2018-1424

IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029.

7.1CVSS6.8AI score0.00521EPSS

CVE•added 2014/06/28 12:55 a.m.•27 views

CVE-2013-6309

IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection.

6CVSS6.6AI score0.00406EPSS

CVE•added 2014/06/28 12:55 a.m.•24 views

CVE-2013-6310

Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.2AI score0.00166EPSS