Security
Headlines
HeadlinesLatestCVEs

Tag

#ibm

CVE-2019-4564: IBM Security Key Lifecycle Manager cross-site scripting CVE-2019-4564 Vulnerability Report

IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE
Open in Source
#xss#vulnerability#web#java#ibm
CVE-2019-4514: Security Bulletin: IBM Security Key Lifecycle Manager is affected by information exposure (CVE-2019-4514)

IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136.

CVE-2019-4441: IBM WebSphere Application Server information disclosure CVE-2019-4441 Vulnerability Report

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.

CVE-2019-4422: IBM Security Guardium privilege escalation CVE-2019-4422 Vulnerability Report

IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. IBM X-Force ID: 162768.

CVE-2019-4549: IBM Security Directory Server information disclosure CVE-2019-4549 Vulnerability Report

IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951.

CVE-2019-4538: Security Bulletin: Multiple security vulnerabilities have been addressed in IBM Security Directory Server

IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660.

CVE-2019-4246: IBM Daeja ViewONE information disclosure CVE-2019-4246 Vulnerability Report

IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal parameters to ViewONE clients that could be used in further attacks against the system. IBM X-Force ID: 159521.

CVE-2019-4494: IBM Jazz Reporting Service cross-site scripting CVE-2019-4494 Vulnerability Report

IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164115.

CVE-2019-4497: Security Bulletin: Multiple security vulnerabilities affect the Report Builder that is shipped with Jazz Reporting Service (CVE-2019-4494, CVE-2019-4495, CVE-2019-4497)

IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164118.

CVE-2019-4106: IBM WebSphere eXtreme Scale cross-site scripting CVE-2019-4106 Vulnerability Report

IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158099.