Security
Headlines
HeadlinesLatestCVEs

Tag

#ibm

CVE-2012-2201: IBM X-Force Exchange

IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager.

CVE
Open in Source
#vulnerability#web#dos#ibm
CVE-2012-4818: Security Bulletin: Lack of path restriction may allow access to sensitive data stored on IBM InfoSphere Information Server (CVE-2012-4818) - IBM PSIRT Blog

IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability via the DataStage application to load or import content functionality to view arbitrary files on the system.

CVE-2011-4820: IBM Rational Asset Manager security bypass CVE-2011-4820 Vulnerability Report

IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences.

CVE-2012-2160: Fix List for Rational Change

IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2022-35722: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2022-35722)

IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381.

CVE-2022-35282: IBM WebSphere Application Server server-side request forgery CVE-2022-35282 Vulnerability Report

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.

CVE-2022-36771: IBM QRadar User Behavior Analytics information disclosure CVE-2022-36771 Vulnerability Report

IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. IBM X-Force ID: 232791.

CVE-2022-22387: IBM Application Gateway cross-site scripting CVE-2022-22387 Vulnerability Report

IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221965.

CVE-2022-40912: Zero Science Lab » ETAP Safety Manager 1.0.0.32 Remote Unauthenticated Reflected XSS

ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

When Will Cybersecurity Get Its Bloomberg Terminal?

The "single pane of glass" that gathers and correlates all the information security professionals need doesn't exist, so it's up to us to create it.