Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors.
Max CVSS: 4.0 | EPSS Score: 0.08% | Published: 2013-01-31 | Updated: 2017-08-29
The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza, when SSL is not enabled, allows remote attackers to discover credentials by sniffing the network during the authentication process.
Max CVSS: 4.3 | EPSS Score: 0.23% | Published: 2013-02-20 | Updated: 2017-08-29
IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via unspecified vectors.
Max CVSS: 5.0 | EPSS Score: 0.30% | Published: 2013-02-20 | Updated: 2017-08-29
The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets.
Max CVSS: 7.5 | EPSS Score: 0.48% | Published: 2013-02-19 | Updated: 2018-10-30
The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN.
Max CVSS: 8.5 | EPSS Score: 0.18% | Published: 2013-03-27 | Updated: 2017-08-29
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session.
Max CVSS: 3.5 | EPSS Score: 0.11% | Published: 2013-04-24 | Updated: 2017-08-29
The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI.
Max CVSS: 3.5 | EPSS Score: 0.12% | Published: 2013-05-10 | Updated: 2017-08-29
The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
Max CVSS: 5.0 | EPSS Score: 0.27% | Published: 2013-05-27 | Updated: 2017-08-29
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.
Max CVSS: 5.8 | EPSS Score: 0.32% | Published: 2013-08-01 | Updated: 2017-08-29
IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors.
Max CVSS: 5.4 | EPSS Score: 0.08% | Published: 2013-09-12 | Updated: 2017-08-29
Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie.
Max CVSS: 4.3 | EPSS Score: 0.17% | Published: 2013-12-14 | Updated: 2017-08-29
IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors.
Max CVSS: 4.0 | EPSS Score: 0.09% | Published: 2013-09-09 | Updated: 2017-08-29
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation.
Max CVSS: 4.3 | EPSS Score: 0.27% | Published: 2013-12-21 | Updated: 2017-08-29
Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 IF11 allows remote authenticated users to hijack web sessions via unspecified vectors.
Max CVSS: 4.9 | EPSS Score: 0.14% | Published: 2013-12-19 | Updated: 2017-08-29
14 vulnerabilities found