4 matches found
CVE-2016-0201
CVE-2016-0201 involves IBM GSKit and is tied to an MD5 collision that could allow a remote attacker to obtain authentication credentials. IBM’s Security Bulletins describe affected products across GSKit-enabled IBM software (e.g., Content Manager Enterprise Edition and IBM HTTP Server, plus relat...
CVE-2014-6198
IBM Security Network Protection is affected by CVE-2014-6198, a Cross‑Site Request Forgery (CSRF) flaw in 5.3 before 5.3.1 that could allow a remote attacker to hijack an authenticated user’s session by luring them to a malicious page. The issue arises from improper validation of user‑supplied in...
CVE-2013-5442
CVE-2013-5442 is an XSS vulnerability affecting the Local Management Interface (LMI) of IBM Security Network Protection on XGS 5100 devices running firmware 5.1 and 5.1.1 (prior to 5.1.0.6 and 5.1.1.1, respectively). The issue allows remote attackers to inject arbitrary web script or HTML via uns...
CVE-2014-6183
CVE-2014-6183 affects IBM Security Network Protection (XGS) models 3100/4100/5100/7100. A remote authenticated attacker could inject and execute arbitrary shell commands due to a shell command injection vulnerability in firmware ranges 5.1, 5.1.1, 5.1.2, 5.1.2.1, 5.2, and 5.3. Remediation consist...