Tag

#ibm

CVE-2019-4115: Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment could expose sensitive information (CVE-2019-4106, CVE-2019-4109, CVE-2019-4112, CVE-2019-4115)

IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158113.

CVE-2019-4112: IBM WebSphere eXtreme Scale information disclosure CVE-2019-4112 Vulnerability Report

IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105.

CVE-2019-4280: Security Bulletin: Information Disclosure Vulnerabilities Affect IBM Sterling File Gateway (CVE-2019-4423, CVE-2019-4280)

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503.

CVE-2019-4423: IBM Sterling File Gateway information disclosure CVE-2019-4423 Vulnerability Report

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162769.

CVE-2019-4305: IBM WebSphere Application Server Liberty information disclosure CVE-2019-4305 Vulnerability Report

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.

CVE-2019-4304: IBM WebSphere Application Server - Liberty session fixation CVE-2019-4304 Vulnerability Report

IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950.

CVE-2019-4141: IBM MQ denial of service CVE-2019-4141 Vulnerability Report

IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337.

CVE-2019-4571: Security Bulletin: IBM Content Navigator is affected by a cross site scripting vulnerability

IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166721.

CVE-2019-4515: IBM Security Key Lifecycle Manager cross-site request forgery CVE-2019-4515 Vulnerability Report

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137.

CVE-2019-4566: Security Bulletin: IBM Security Key Lifecycle Manager stores password in clear text (CVE-2019-4566)

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 166627.