Platform Symphony Security Vulnerabilities and Issues — Platform Symphony CVE List

Lucene search

IbmPlatform Symphony

8 matches found

CVE•added 2013/11/06 3:55 p.m.•104 views

CVE-2013-5387

Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (process crash or hang) via a malformed SOAP request with a large amount of request data.

4.3CVSS6.9AI score0.00658EPSS

CVE•added 2018/08/01 5:29 p.m.•45 views

CVE-2018-1595

IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622.

8.8CVSS8.7AI score0.00229EPSS

CVE•added 2018/09/28 1:29 p.m.•36 views

CVE-2018-1702

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-F...

7.1CVSS6.8AI score0.00351EPSS

CVE•added 2018/09/28 1:29 p.m.•36 views

CVE-2018-1704

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to sp...

6.8CVSS5.1AI score0.00082EPSS

CVE•added 2018/10/11 12:29 p.m.•35 views

CVE-2018-1708

IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343.

6.5CVSS6AI score0.00177EPSS

CVE•added 2018/08/28 11:29 a.m.•33 views

CVE-2018-1705

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information. IBM X-Force ID: 146340.

6.5CVSS5.9AI score0.00177EPSS

CVE•added 2014/02/14 1:10 p.m.•30 views

CVE-2013-5400

An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors.

10CVSS6.9AI score0.03576EPSS

CVE•added 2014/01/21 3:17 p.m.•27 views

CVE-2013-6305

IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging knowledge of this key.

4.3CVSS6AI score0.00143EPSS