8 matches found
CVE-2013-5387
CVE-2013-5387 affects IBM Platform Symphony; multiple sources link a SOAP handling issue leading to a buffer overflow. ZDI-14-017 explicitly states a remote code execution vulnerability in IBM Platform Symphony DE caused by malformed SOAP requests, allowing code execution in the target process (u...
CVE-2018-1595
CVE-2018-1595 affects IBM Platform Symphony and IBM Spectrum Symphony. Concrete details in connected sources show a Remote Command Execution flaw caused by improper handling of user input, enabling an authenticated user to execute arbitrary commands. Affected products/versions include Platform Sy...
CVE-2018-1702
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1, and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are affected by a XML External Entity Injection (XXE) when processing XML data. A remote attacker could exploit this to disclose sensitive information or exhaust memory resources. Root cause is XXE in XML ...
CVE-2018-1704
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1, and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are affected by CVE-2018-1704, an open redirect vulnerability that enables a remote attacker to conduct phishing by tricking a user into visiting a crafted site and spoofing the URL to redirect to a malici...
CVE-2018-1708
IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are affected by CVE-2018-1708, an information-disclosure flaw in the WebUI that could let an authenticated user obtain sensitive data such as passwords. Root cause: WebUI exposes confidential information, enabling partial confidentiality impact per NVD CVSS...
CVE-2013-5400
Summary: CVE-2013-5400 affects IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x up to 6.1.1. A servlet contains hardcoded credentials, enabling remote attackers to bypass authentication and gain access to the local environment. Impact: authenticated access bypass with full local environ...
CVE-2018-1705
CVE-2018-1705 affects IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2. It is an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information. Remediation is available via IBM Fix Central for the l...
CVE-2013-6305
CVE-2013-6305 affects IBM Platform Symphony 5.2 (before build 229037) and 6.1.0.1 (before build 229073). The root cause is reuse of the same credentials encryption key across different customers’ installations, enabling context-dependent attackers to obtain sensitive information by leveraging kno...