3 matches found
CVE-2017-1500
IBM Worklight/MobileFirst Platform Foundation is affected by CVE-2017-1500: a Reflected XSS in the RESTful Web Api authorization function where the scope parameter can reflect arbitrary JavaScript if a realm not defined in authenticationConfig.xml is used, potentially enabling credential disclosu...
CVE-2017-1772
CVE-2017-1772 affects IBM Worklight / MobileFirst Platform Foundation (Application Center) across 6.3, 7.0, 7.1, and 8.0. The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within...
CVE-2020-4226
IBM MobileFirst Platform Foundation 8.0.0.0 is affected by CVE-2020-4226 due to storing highly sensitive information in URL parameters, enabling potential information disclosure if URLs are exposed via server logs, referrer headers, or browser history. Root cause: sensitive data appended to URLs ...