Lucene search
K
IbmSecurity Siteprotector System

12 matches found

CVE
CVE
added 2022/07/11 5:5 p.m.59 views

CVE-2020-4150

Vulnerability CVE-2020-4150 affects IBM SiteProtector System 3.1.1 (and, per CNNVD, 3.1.1.0–3.1.1.23). Root cause: hard-coded credentials used for inbound authentication, outbound communication, or internal data encryption. Impact described as credential exposure and trust management weakness; re...

9.8CVSS8.8AI score0.00846EPSS
CVE
CVE
added 2015/05/25 2:0 p.m.51 views

CVE-2015-0160

CVE-2015-0160 affects IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2. An authenticated remote user could execute arbitrary commands with SYSTEM privileges via unspecified vectors. The IBM Security bulletin provides remediation: apply the eXPress...

9CVSS7.4AI score0.02916EPSS
CVE
CVE
added 2017/09/20 6:0 p.m.45 views

CVE-2015-0162

IBM Security SiteProtector System (SP2001/SP3001/SP4001) is affected by CVE-2015-0162 due to an unquoted Windows search path vulnerability in the SiteProtector components, enabling local privilege elevation for attackers with physical/logical access. The bulletin details that local attackers can ...

7CVSS6.8AI score0.00327EPSS
CVE
CVE
added 2015/05/25 2:0 p.m.45 views

CVE-2015-0168

IBM Security SiteProtector System is affected by CVE-2015-0168 (XSS) affecting versions 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2. The vulnerability arises from improper validation that could allow remote authenticated users to inject scripts, potentially stealing cookies b...

3.5CVSS5.2AI score0.00783EPSS
CVE
CVE
added 2015/05/25 2:0 p.m.44 views

CVE-2015-0161

IBM Security SiteProtector System is affected by CVE-2015-0161: SQL injection in SiteProtector 3.0 (before 3.0.0.7), 3.1 (before 3.1.0.4), and 3.1.1 (before 3.1.1.2). An authenticated remote user can execute arbitrary SQL commands via unspecified vectors, potentially affecting the back-end databa...

6.5CVSS7.9AI score0.00991EPSS
CVE
CVE
added 2022/07/11 5:5 p.m.44 views

CVE-2020-4138

IBM SiteProtector Appliance 3.1.1 is affected by CVE-2020-4138, which allows web pages to be stored locally and read by another user on the same system. The issue is documented in NVD and IBM's security bulletin; affected product/version is IBM SiteProtector system 3.1.1. Remediation: apply the e...

5.5CVSS4.8AI score0.00234EPSS
CVE
CVE
added 2015/05/25 2:0 p.m.43 views

CVE-2015-0171

IBM Security SiteProtector System is affected by CVE-2015-0171: a directory traversal vulnerability that could allow remote authenticated users to write to arbitrary files. Affected versions include 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2. The issue is addressed in IBM XP...

5.5CVSS6.3AI score0.01362EPSS
CVE
CVE
added 2015/05/25 2:0 p.m.42 views

CVE-2015-0170

Affected software: IBM Security SiteProtector System 3.0 (before 3.0.0.7), 3.1 (before 3.1.0.4), and 3.1.1 (before 3.1.1.2). Vulnerability: local users can read cached data to obtain sensitive information (information disclosure). Impact: partial confidentiality impact as per NVD entry. Root caus...

2.1CVSS5.7AI score0.00318EPSS
CVE
CVE
added 2021/11/12 3:20 p.m.42 views

CVE-2020-4146

CVE-2020-4146 affects IBM Security SiteProtector System 3.1.1. The root cause is missing the HttpOnly flag, enabling a remote attacker to obtain sensitive information from the Web interface. Documentsconfirm the affected product/version and describe the impact as information disclosure. Public-fa...

5.3CVSS5AI score0.01075EPSS
CVE
CVE
added 2015/05/25 2:0 p.m.38 views

CVE-2015-0169

CVE-2015-0169 affects IBM Security SiteProtector System 3.0 (pre-3.0.0.7), 3.1 (pre-3.1.0.4), and 3.1.1 (pre-3.1.1.2). A vulnerability exists where remote authenticated users can inject arguments via unspecified vectors, potentially affecting server integrity. IBM’s consolidated advisory lists th...

4CVSS6.1AI score0.00908EPSS
CVE
CVE
added 2018/04/10 3:0 p.m.36 views

CVE-2015-0172

CVE-2015-0172 affects IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1. A security bypass could allow a remote attacker to bypass restrictions, potentially execute commands and obtain sensitive information via unknown vectors. The vendor bulletin lists no official remediation fixes; however...

7.5CVSS7.4AI score0.01413EPSS
CVE
CVE
added 2021/11/12 3:20 p.m.35 views

CVE-2020-4140

Summary (CVE-2020-4140): IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting in the Web UI, enabling embedding of arbitrary JavaScript that can alter UI behavior and potentially disclose credentials within a trusted session. The issue affects SiteProtector System version...

5.4CVSS5.1AI score0.0048EPSS