Vulnerabilites related to ibm - security_network_protection_firmware
Vulnerability from fkie_nvd
Published
2013-11-13 15:55
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_network_protection_firmware | 5.1 | |
| ibm | security_network_protection_firmware | 5.1.1 | |
| ibm | security_network_protection_xgs_5100 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "853079DC-2990-4700-A69B-7FFC6E7175E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB975E01-9B08-4D7F-BE4F-24DCC0E8A05D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_network_protection_xgs_5100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B08CBB-4A15-4125-A8FA-6F64655A0BA0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Local Management Interface (LMI) de dispositivos IBM Security Network Protection en XGS 5100 con firmware 5.1 anterior a la versi\u00f3n 5.1.0.6 y 5.1.1 anterior a 5.1.1.1 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2013-5442",
"lastModified": "2024-11-21T01:57:28.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-13T15:55:03.643",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/63642"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/63642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87818"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-18 05:59
Modified
2024-11-21 02:41
Severity ?
Summary
GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_network_protection_firmware | 5.3.1 | |
| ibm | security_network_protection_firmware | 5.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF599A15-19DE-4107-9FC8-D11607F5D8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3929C35-38ED-49DB-A4CA-B317CF0D4836",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision."
},
{
"lang": "es",
"value": "GSKit en IBM Security Network Protection 5.3.1 en versiones anteriores a 5.3.1.7 y 5.3.2 permite a atacantes remotos descubrir credenciales desencadenando una colisi\u00f3n MD5."
}
],
"id": "CVE-2016-0201",
"lastModified": "2024-11-21T02:41:15.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-18T05:59:07.647",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974242"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/80883"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1034696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/80883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034696"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-23 00:59
Modified
2024-11-21 02:13
Severity ?
Summary
IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "853079DC-2990-4700-A69B-7FFC6E7175E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.0.0:fp0006:*:*:*:*:*:*",
"matchCriteriaId": "3397FE0E-6196-4D8C-8828-24B6A1D1B8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.0.0:fp0007:*:*:*:*:*:*",
"matchCriteriaId": "56BB2F97-E10B-40E0-AA3D-9ED2DDD2A58E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.0.0:fp0008:*:*:*:*:*:*",
"matchCriteriaId": "7FDA98C0-D5B4-4506-B4E6-F4A1AB53AF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.0.0:fp0009:*:*:*:*:*:*",
"matchCriteriaId": "C8CD21B2-38C3-4E55-ACED-37C26662D407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.0.0:fp0010:*:*:*:*:*:*",
"matchCriteriaId": "88DB9D82-E0E2-4FFD-9534-C4E9B82B52E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.0.0:fp0011:*:*:*:*:*:*",
"matchCriteriaId": "00C29A77-9429-44AD-AEE8-985903BEB498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.0.0:fp0012:*:*:*:*:*:*",
"matchCriteriaId": "EE490D0D-212E-44EF-B7BA-1D4A031D269F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB975E01-9B08-4D7F-BE4F-24DCC0E8A05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.1.0:fp0001:*:*:*:*:*:*",
"matchCriteriaId": "6EEC6005-3049-4163-8E90-18BD68C3D84F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.1.0:fp0002:*:*:*:*:*:*",
"matchCriteriaId": "98D4E305-AED6-4C80-B960-144312196256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.1.0:fp0003:*:*:*:*:*:*",
"matchCriteriaId": "153C6815-D2E6-4B5D-AE49-F5492482F6CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.1.0:fp0004:*:*:*:*:*:*",
"matchCriteriaId": "E6944030-40B2-402B-A78E-39FA8438042A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.1.0:fp0005:*:*:*:*:*:*",
"matchCriteriaId": "9026B285-228B-4B49-8E77-72EAD1256D79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.1.0:fp0006:*:*:*:*:*:*",
"matchCriteriaId": "F0A4C939-00D2-4A95-9A4B-44D692E1C860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.1.0:fp0007:*:*:*:*:*:*",
"matchCriteriaId": "885430D6-701E-4C30-AF68-3DF6F9B82E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.2.0:fp0002:*:*:*:*:*:*",
"matchCriteriaId": "D2E2491C-898B-4AAB-9EF4-116EDB4E2DD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.2.0:fp0003:*:*:*:*:*:*",
"matchCriteriaId": "090BCD7B-1A56-45DF-A8D2-E89FF98724C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.2.0:fp0004:*:*:*:*:*:*",
"matchCriteriaId": "972477A8-56AD-43CF-81DC-CA78BCBC3D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.2.0:fp0005:*:*:*:*:*:*",
"matchCriteriaId": "9E57FD61-D3E2-454B-8B44-1B83AC99A46C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.2.0:fp0006:*:*:*:*:*:*",
"matchCriteriaId": "6504D814-5A8A-435C-9AF8-22760B9255AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.2.0:fp0007:*:*:*:*:*:*",
"matchCriteriaId": "48DD9D18-C007-4BEB-B295-DEAC7FD7BC91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.2.0:fp0008:*:*:*:*:*:*",
"matchCriteriaId": "31EABD7A-180E-411D-89B6-FAB09913225E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.2.1:fp0001:*:*:*:*:*:*",
"matchCriteriaId": "11B9E23F-42DD-4D8A-BCC5-5E099A3768DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.2.1:fp0002:*:*:*:*:*:*",
"matchCriteriaId": "0DF4143E-4FC4-4D54-A69E-A909A1CD4B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.1.2.1:fp0004:*:*:*:*:*:*",
"matchCriteriaId": "25E0796A-0F9E-4B7B-A85E-8F20EE2095F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.2.0.0:fp0001:*:*:*:*:*:*",
"matchCriteriaId": "7F07E1D4-CD99-4D9F-B059-81AFA4AE1035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.2.0.0:fp0002:*:*:*:*:*:*",
"matchCriteriaId": "B3CE6717-CBFF-4B9E-8A6B-5116FD311589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.2.0.0:fp0003:*:*:*:*:*:*",
"matchCriteriaId": "E27DA4CC-A910-491E-A9D3-1290BBEA0B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.2.0.0:fp0004:*:*:*:*:*:*",
"matchCriteriaId": "AE51ABBE-13B1-4FB7-9998-B3C8402093DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "04E96D89-E638-4F5E-A934-94CF6FAB04C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_network_protection_xgs_5000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB06D618-99CA-4640-835E-851611BF8FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:security_network_protection_xgs_5100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B08CBB-4A15-4125-A8FA-6F64655A0BA0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors."
},
{
"lang": "es",
"value": "IBM Security Network Protection 5.1 anterior a 5.1.0.0 FP13, 5.1.1 anterior a 5.1.1.0 FP8, 5.1.2 anterior a 5.1.2.0 FP9, 5.1.2.1 anterior a FP5, 5.2 anterior a 5.2.0.0 FP5, y 5.3 anterior a 5.3.0.0 FP1 en los dispositivos XGS permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-6183",
"lastModified": "2024-11-21T02:13:55.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-23T00:59:01.817",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690823"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98519"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-28 10:59
Modified
2024-11-21 02:13
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Security Network Protection 5.3 before 5.3.1 allows remote attackers to hijack the authentication of arbitrary users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_network_protection_firmware | 5.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_network_protection_firmware:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "04E96D89-E638-4F5E-A934-94CF6FAB04C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Security Network Protection 5.3 before 5.3.1 allows remote attackers to hijack the authentication of arbitrary users."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en IBM Security Network Protection 5.3 anterior a 5.3.1 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios."
}
],
"id": "CVE-2014-6198",
"lastModified": "2024-11-21T02:13:57.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-28T10:59:00.097",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958090"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1032634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032634"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2013-5442
Vulnerability from cvelistv5
Published
2013-11-13 15:00
Modified
2024-08-06 17:15
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/87818 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21655377 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/63642 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:20.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-xgs-cve20135442-xss(87818)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87818"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377"
},
{
"name": "63642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63642"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-xgs-cve20135442-xss(87818)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87818"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377"
},
{
"name": "63642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63642"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-xgs-cve20135442-xss(87818)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87818"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655377"
},
{
"name": "63642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63642"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-5442",
"datePublished": "2013-11-13T15:00:00",
"dateReserved": "2013-08-22T00:00:00",
"dateUpdated": "2024-08-06T17:15:20.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6198
Vulnerability from cvelistv5
Published
2015-06-28 10:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Security Network Protection 5.3 before 5.3.1 allows remote attackers to hijack the authentication of arbitrary users.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21958090 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1032634 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958090"
},
{
"name": "1032634",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Security Network Protection 5.3 before 5.3.1 allows remote attackers to hijack the authentication of arbitrary users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-22T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958090"
},
{
"name": "1032634",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Security Network Protection 5.3 before 5.3.1 allows remote attackers to hijack the authentication of arbitrary users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21958090",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958090"
},
{
"name": "1032634",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6198",
"datePublished": "2015-06-28T10:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0201
Vulnerability from cvelistv5
Published
2016-01-18 02:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21974242 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/80883 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1034696 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974242"
},
{
"name": "80883",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/80883"
},
{
"name": "1034696",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034696"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974242"
},
{
"name": "80883",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/80883"
},
{
"name": "1034696",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034696"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21974242",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974242"
},
{
"name": "80883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/80883"
},
{
"name": "1034696",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034696"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0201",
"datePublished": "2016-01-18T02:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:08:13.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6183
Vulnerability from cvelistv5
Published
2014-11-23 00:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21690823 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/98519 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690823"
},
{
"name": "ibm-xgs-cve20146183-command-injection(98519)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98519"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690823"
},
{
"name": "ibm-xgs-cve20146183-command-injection(98519)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98519"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21690823",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690823"
},
{
"name": "ibm-xgs-cve20146183-command-injection(98519)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98519"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6183",
"datePublished": "2014-11-23T00:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}