IBM » Infosphere Optim Data Growth For Oracle E-business Suite : Security Vulnerabilities, CVEs,
The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
Max CVSS
5.0
EPSS Score
0.27%
Published
2013-05-27
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
3.5
EPSS Score
0.06%
Published
2013-05-27
Updated
2017-08-29
SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.86%
Published
2013-05-27
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, related to a stored XSS issue.
Max CVSS
3.5
EPSS Score
0.06%
Published
2013-05-27
Updated
2017-08-29
The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
Max CVSS
5.0
EPSS Score
0.27%
Published
2013-05-27
Updated
2017-08-29
IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
Max CVSS
4.3
EPSS Score
0.05%
Published
2013-05-27
Updated
2013-05-28
Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the authentication of arbitrary users.
Max CVSS
4.9
EPSS Score
0.09%
Published
2013-10-10
Updated
2017-08-29
The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote attackers to impersonate arbitrary users by leveraging access to a legitimate user's web browser either (1) before or (2) after authentication.
Max CVSS
4.3
EPSS Score
0.21%
Published
2013-10-10
Updated
2017-08-29
The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to bypass intended access restrictions and create, modify, or delete documents or scripts via unspecified vectors.
Max CVSS
5.2
EPSS Score
0.16%
Published
2013-10-10
Updated
2017-08-29
9 vulnerabilities found