Pureapplication System Security Vulnerabilities and Issues — Pureapplication System CVE List

Lucene search

IbmPureapplication System

10 matches found

CVE•added 2014/09/24 6:48 p.m.•2727 views

CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cg...

10CVSS9.9AI score0.9422EPSS

CVE•added 2014/09/25 1:55 a.m.•1236 views

CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the F...

10CVSS8.4AI score0.9422EPSS

CVE•added 2015/01/28 7:59 p.m.•512 views

CVE-2015-0235

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

10CVSS7.7AI score0.88605EPSS

CVE•added 2019/06/26 3:15 p.m.•40 views

CVE-2019-4224

IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.

8.8CVSS8.9AI score0.00312EPSS

CVE•added 2019/06/26 3:15 p.m.•35 views

CVE-2019-4225

IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.

4.4CVSS5.1AI score0.0004EPSS

CVE•added 2015/01/10 2:59 a.m.•34 views

CVE-2014-6158

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, ...

9CVSS7.3AI score0.0236EPSS

CVE•added 2019/06/26 3:15 p.m.•34 views

CVE-2019-4234

IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416.

4.3CVSS5.2AI score0.00174EPSS

CVE•added 2019/06/26 3:15 p.m.•33 views

CVE-2019-4241

IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467.

8.4CVSS7.9AI score0.00052EPSS

CVE•added 2019/06/26 3:15 p.m.•30 views

CVE-2019-4235

IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417.

7.5CVSS7.8AI score0.00267EPSS

CVE•added 2014/06/14 11:18 a.m.•26 views

CVE-2014-0960

IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine.

6.6CVSS6.2AI score0.00127EPSS