Lucene search
K
IbmPlatform Symphony

8 matches found

CVE
CVE
added 2013/11/06 11:0 a.m.112 views

CVE-2013-5387

CVE-2013-5387 affects IBM Platform Symphony; multiple sources link a SOAP handling issue leading to a buffer overflow. ZDI-14-017 explicitly states a remote code execution vulnerability in IBM Platform Symphony DE caused by malformed SOAP requests, allowing code execution in the target process (u...

4.3CVSS6.9AI score0.01483EPSS
CVE
CVE
added 2018/08/01 5:0 p.m.53 views

CVE-2018-1595

CVE-2018-1595 affects IBM Platform Symphony and IBM Spectrum Symphony. Concrete details in connected sources show a Remote Command Execution flaw caused by improper handling of user input, enabling an authenticated user to execute arbitrary commands. Affected products/versions include Platform Sy...

8.8CVSS8.7AI score0.02415EPSS
CVE
CVE
added 2018/09/28 1:0 p.m.47 views

CVE-2018-1702

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1, and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are affected by a XML External Entity Injection (XXE) when processing XML data. A remote attacker could exploit this to disclose sensitive information or exhaust memory resources. Root cause is XXE in XML ...

7.1CVSS6.8AI score0.01853EPSS
CVE
CVE
added 2018/09/28 1:0 p.m.46 views

CVE-2018-1704

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1, and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are affected by CVE-2018-1704, an open redirect vulnerability that enables a remote attacker to conduct phishing by tricking a user into visiting a crafted site and spoofing the URL to redirect to a malici...

6.8CVSS5.1AI score0.00706EPSS
CVE
CVE
added 2018/10/11 12:0 p.m.43 views

CVE-2018-1708

IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are affected by CVE-2018-1708, an information-disclosure flaw in the WebUI that could let an authenticated user obtain sensitive data such as passwords. Root cause: WebUI exposes confidential information, enabling partial confidentiality impact per NVD CVSS...

6.5CVSS6AI score0.01248EPSS
CVE
CVE
added 2014/02/14 2:0 a.m.41 views

CVE-2013-5400

Summary: CVE-2013-5400 affects IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x up to 6.1.1. A servlet contains hardcoded credentials, enabling remote attackers to bypass authentication and gain access to the local environment. Impact: authenticated access bypass with full local environ...

10CVSS6.9AI score0.02288EPSS
CVE
CVE
added 2018/08/28 11:0 a.m.41 views

CVE-2018-1705

CVE-2018-1705 affects IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2. It is an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information. Remediation is available via IBM Fix Central for the l...

6.5CVSS5.9AI score0.01269EPSS
CVE
CVE
added 2014/01/21 3:0 p.m.37 views

CVE-2013-6305

CVE-2013-6305 affects IBM Platform Symphony 5.2 (before build 229037) and 6.1.0.1 (before build 229073). The root cause is reuse of the same credentials encryption key across different customers’ installations, enabling context-dependent attackers to obtain sensitive information by leveraging kno...

4.3CVSS6AI score0.00619EPSS