12 matches found
CVE-2020-4150
Vulnerability CVE-2020-4150 affects IBM SiteProtector System 3.1.1 (and, per CNNVD, 3.1.1.0–3.1.1.23). Root cause: hard-coded credentials used for inbound authentication, outbound communication, or internal data encryption. Impact described as credential exposure and trust management weakness; re...
CVE-2015-0160
CVE-2015-0160 affects IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2. An authenticated remote user could execute arbitrary commands with SYSTEM privileges via unspecified vectors. The IBM Security bulletin provides remediation: apply the eXPress...
CVE-2015-0162
IBM Security SiteProtector System (SP2001/SP3001/SP4001) is affected by CVE-2015-0162 due to an unquoted Windows search path vulnerability in the SiteProtector components, enabling local privilege elevation for attackers with physical/logical access. The bulletin details that local attackers can ...
CVE-2015-0168
IBM Security SiteProtector System is affected by CVE-2015-0168 (XSS) affecting versions 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2. The vulnerability arises from improper validation that could allow remote authenticated users to inject scripts, potentially stealing cookies b...
CVE-2015-0161
IBM Security SiteProtector System is affected by CVE-2015-0161: SQL injection in SiteProtector 3.0 (before 3.0.0.7), 3.1 (before 3.1.0.4), and 3.1.1 (before 3.1.1.2). An authenticated remote user can execute arbitrary SQL commands via unspecified vectors, potentially affecting the back-end databa...
CVE-2020-4138
IBM SiteProtector Appliance 3.1.1 is affected by CVE-2020-4138, which allows web pages to be stored locally and read by another user on the same system. The issue is documented in NVD and IBM's security bulletin; affected product/version is IBM SiteProtector system 3.1.1. Remediation: apply the e...
CVE-2015-0171
IBM Security SiteProtector System is affected by CVE-2015-0171: a directory traversal vulnerability that could allow remote authenticated users to write to arbitrary files. Affected versions include 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2. The issue is addressed in IBM XP...
CVE-2015-0170
Affected software: IBM Security SiteProtector System 3.0 (before 3.0.0.7), 3.1 (before 3.1.0.4), and 3.1.1 (before 3.1.1.2). Vulnerability: local users can read cached data to obtain sensitive information (information disclosure). Impact: partial confidentiality impact as per NVD entry. Root caus...
CVE-2020-4146
CVE-2020-4146 affects IBM Security SiteProtector System 3.1.1. The root cause is missing the HttpOnly flag, enabling a remote attacker to obtain sensitive information from the Web interface. Documentsconfirm the affected product/version and describe the impact as information disclosure. Public-fa...
CVE-2015-0169
CVE-2015-0169 affects IBM Security SiteProtector System 3.0 (pre-3.0.0.7), 3.1 (pre-3.1.0.4), and 3.1.1 (pre-3.1.1.2). A vulnerability exists where remote authenticated users can inject arguments via unspecified vectors, potentially affecting server integrity. IBM’s consolidated advisory lists th...
CVE-2015-0172
CVE-2015-0172 affects IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1. A security bypass could allow a remote attacker to bypass restrictions, potentially execute commands and obtain sensitive information via unknown vectors. The vendor bulletin lists no official remediation fixes; however...
CVE-2020-4140
Summary (CVE-2020-4140): IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting in the Web UI, enabling embedding of arbitrary JavaScript that can alter UI behavior and potentially disclose credentials within a trusted session. The issue affects SiteProtector System version...