6 matches found
CVE-2012-5761
CVE-2012-5761 affects IBM NetEzta WebAdmin 6.0.5, 6.0.8, and 7.0 before P2. The root cause is that user-controlled input is not properly neutralized before being embedded in the web page output, enabling XSS via unspecified vectors for remote authenticated users. The IBM bulletin lists the impact...
CVE-2012-5763
CVE-2012-5763 affects IBM Netezza WebAdmin (WebAdmin 6.0.5, 6.0.8, and 7.0 before P2). The IBM bulletin documents a Cross-site request forgery (CSRF) flaw where requests may be accepted without proper authentication verification, potentially allowing remote attackers to hijack user sessions. Root...
CVE-2012-5941
IBM Netezza WebAdmin 6.0.5, 6.0.8, and 7.0 before P2 are affected by CVE-2012-5941, an XSS where user-supplied input is not neutralized before being included in web output, enabling phishing via the WebAdmin interface. The IBM bulletin lists remediation through patch 7.0 P2 (and related SSL guida...
CVE-2012-5940
IBM Netezza WebAdmin 6.0.5, 6.0.8, and 7.0 (pre-P2) are affected by CVE-2012-5940: when SSL is not enabled, login requests can be intercepted and credentials exposed during authentication. The IBM advisory assigns remediation to patch IBM Netezza WebAdmin 7.0 with patch level 7.0 P2, and a workar...
CVE-2012-5762
CVE-2012-5762 affects IBM Netezza WebAdmin (versions 6.0.5, 6.0.8 and 7.0 before P2). The vulnerability is an XSS allowing remote authenticated users to inject arbitrary script/HTML via MHTML protocol vectors. IBM’s bulletin for this family notes multiple issues and lists CVE-2012-5762 among them...
CVE-2012-5760
IBM Netezza WebAdmin is affected by CVE-2012-5760. Affected versions: WebAdmin 6.0.5, 6.0.8 and 7.0 prior to P2. Root cause: elements that could modify a SQL command are not properly neutralized, enabling an authenticated remote user to execute arbitrary SQL commands via unspecified vectors, with...