IBM » Tivoli Netcool/omnibus : Security Vulnerabilities, CVEs,
SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters."
Max CVSS
7.5
EPSS Score
0.26%
Published
2011-03-09
Updated
2017-08-17
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174907.
Max CVSS
5.4
EPSS Score
0.05%
Published
2020-03-03
Updated
2020-03-03
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174909.
Max CVSS
5.4
EPSS Score
0.05%
Published
2020-03-03
Updated
2020-03-03
IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174910.
Max CVSS
4.3
EPSS Score
0.05%
Published
2020-03-18
Updated
2020-03-19
Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0942.
Max CVSS
3.5
EPSS Score
0.06%
Published
2014-05-01
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0941.
Max CVSS
3.5
EPSS Score
0.06%
Published
2014-05-01
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus 7.3.0 before 7.3.0.6, 7.3.1 before 7.3.1.7, and 7.4.0 before 7.4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
3.5
EPSS Score
0.06%
Published
2015-01-17
Updated
2017-08-29
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174908.
Max CVSS
2.4
EPSS Score
0.05%
Published
2020-03-03
Updated
2020-03-03
8 vulnerabilities found