Search criteria
36 vulnerabilities found for security_siteprotector_system by ibm
FKIE_CVE-2020-4138
Vulnerability from fkie_nvd - Published: 2022-07-11 17:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174049.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/174049 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6602547 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/174049 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6602547 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_siteprotector_system | 3.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93029FE9-1374-476F-8B46-09263FBD0B2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174049."
},
{
"lang": "es",
"value": "IBM SiteProtector Appliance 3.1.1 permite almacenar localmente p\u00e1ginas web que pueden ser le\u00eddas por otro usuario del sistema. ID de IBM X-Force: 174049"
}
],
"id": "CVE-2020-4138",
"lastModified": "2024-11-21T05:32:18.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-11T17:15:08.780",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174049"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6602547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6602547"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4150
Vulnerability from fkie_nvd - Published: 2022-07-11 17:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174142.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/174142 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6602547 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/174142 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6602547 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_siteprotector_system | 3.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93029FE9-1374-476F-8B46-09263FBD0B2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174142."
},
{
"lang": "es",
"value": "IBM SiteProtector Appliance 3.1.1 contiene credenciales codificadas, como una contrase\u00f1a o una clave criptogr\u00e1fica, que utiliza para su propia autenticaci\u00f3n de entrada, la comunicaci\u00f3n de salida a componentes externos o el cifrado de datos internos. ID de IBM X-Force: 174142"
}
],
"id": "CVE-2020-4150",
"lastModified": "2024-11-21T05:32:18.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-11T17:15:08.837",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174142"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6602547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6602547"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4146
Vulnerability from fkie_nvd - Published: 2021-11-12 16:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/174129 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6515056 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/174129 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6515056 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_siteprotector_system | 3.1.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2007611-D3CD-4999-BCD1-9629C33F9C4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing \u0027HttpOnly\u0027 flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129."
},
{
"lang": "es",
"value": "IBM Security SiteProtector System versi\u00f3n 3.1.1, podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial, causado por una falta del flag \"HttpOnly\". Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para obtener informaci\u00f3n confidencial. IBM X-Force ID: 174129"
}
],
"id": "CVE-2020-4146",
"lastModified": "2024-11-21T05:32:18.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-12T16:15:07.860",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174129"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6515056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6515056"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4140
Vulnerability from fkie_nvd - Published: 2021-11-12 16:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/174052 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6515054 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/174052 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6515054 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_siteprotector_system | 3.1.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2007611-D3CD-4999-BCD1-9629C33F9C4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052."
},
{
"lang": "es",
"value": "IBM Security SiteProtector System versi\u00f3n 3.1.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 174052"
}
],
"id": "CVE-2020-4140",
"lastModified": "2024-11-21T05:32:18.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-12T16:15:07.807",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174052"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6515054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6515054"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0172
Vulnerability from fkie_nvd - Published: 2018-04-10 15:29 - Updated: 2024-11-21 02:22
Severity ?
Summary
IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. IBM X-Force ID: 100927.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21699472 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21699472 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_siteprotector_system | 3.0 | |
| ibm | security_siteprotector_system | 3.1.0.0 | |
| ibm | security_siteprotector_system | 3.1.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0811434-A0CD-4C68-9988-42138C07EF4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79A76A4F-1D7D-45B1-8EB3-B1F9E587F9A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2007611-D3CD-4999-BCD1-9629C33F9C4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. IBM X-Force ID: 100927."
},
{
"lang": "es",
"value": "IBM Security SiteProtector System 3.0, 3.1.0 y 3.1.1 permite que atacantes remotos omitan las restricciones de seguridad planeadas y, por lo tanto, ejecuten comandos sin especificar y obtengan informaci\u00f3n sensible mediante vectores sin especificar. IBM X-Force ID: 100927."
}
],
"id": "CVE-2015-0172",
"lastModified": "2024-11-21T02:22:29.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-10T15:29:00.940",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699472"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0162
Vulnerability from fkie_nvd - Published: 2017-09-20 18:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/74038 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/100865 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://www-01.ibm.com/support/docview.wss?uid=swg21700012 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74038 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/100865 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www-01.ibm.com/support/docview.wss?uid=swg21700012 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_siteprotector_system | 3.0 | |
| ibm | security_siteprotector_system | 3.1.0.0 | |
| ibm | security_siteprotector_system | 3.1.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0811434-A0CD-4C68-9988-42138C07EF4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79A76A4F-1D7D-45B1-8EB3-B1F9E587F9A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2007611-D3CD-4999-BCD1-9629C33F9C4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges."
},
{
"lang": "es",
"value": "IBM Security SiteProtector System en las versiones 3.0, 3.1 y 3.1.1 permite que los usuarios locales obtengan privilegios."
}
],
"id": "CVE-2015-0162",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-20T18:29:00.327",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74038"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100865"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21700012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21700012"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0171
Vulnerability from fkie_nvd - Published: 2015-05-25 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_siteprotector_system | 3.0 | |
| ibm | security_siteprotector_system | 3.0.0.1 | |
| ibm | security_siteprotector_system | 3.0.0.2 | |
| ibm | security_siteprotector_system | 3.0.0.3 | |
| ibm | security_siteprotector_system | 3.0.0.4 | |
| ibm | security_siteprotector_system | 3.0.0.5 | |
| ibm | security_siteprotector_system | 3.0.0.6 | |
| ibm | security_siteprotector_system | 3.1.0.0 | |
| ibm | security_siteprotector_system | 3.1.0.1 | |
| ibm | security_siteprotector_system | 3.1.0.2 | |
| ibm | security_siteprotector_system | 3.1.0.3 | |
| ibm | security_siteprotector_system | 3.1.1.0 | |
| ibm | security_siteprotector_system | 3.1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0811434-A0CD-4C68-9988-42138C07EF4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC15A710-0F50-4B96-8A41-8191F3C13FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F28CD6-F183-46FA-A1F6-DCE3F1676A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4F4CBC-CD3E-499E-9BC1-5630BF7FCE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1B32B8B2-CA0E-48F6-9E98-26A8C98FD201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E414BA-E27E-4FC9-A9D0-8A4B55FA400B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BD31932A-0684-43B5-8154-5656E9CEE0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79A76A4F-1D7D-45B1-8EB3-B1F9E587F9A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE1170B-4D43-45BE-81B4-2E581AF6CA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "401ADE14-44D9-4289-9DE2-1F3878293CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA67BB3D-A3CE-4804-86CA-0D46CA79900C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2007611-D3CD-4999-BCD1-9629C33F9C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01C1444A-A8D5-4070-89E0-95E07FBC61F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en IBM Security SiteProtector System 3.0 anterior a 3.0.0.7, 3.1 anterior a 3.1.0.4, y 3.1.1 anterior a 3.1.1.2 permite a usuarios remotos autenticados escribir en ficheros arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-0171",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-25T14:59:15.247",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0170
Vulnerability from fkie_nvd - Published: 2015-05-25 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows local users to obtain sensitive information by reading cached data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_siteprotector_system | 3.0 | |
| ibm | security_siteprotector_system | 3.0.0.1 | |
| ibm | security_siteprotector_system | 3.0.0.2 | |
| ibm | security_siteprotector_system | 3.0.0.3 | |
| ibm | security_siteprotector_system | 3.0.0.4 | |
| ibm | security_siteprotector_system | 3.0.0.5 | |
| ibm | security_siteprotector_system | 3.0.0.6 | |
| ibm | security_siteprotector_system | 3.1.0.0 | |
| ibm | security_siteprotector_system | 3.1.0.1 | |
| ibm | security_siteprotector_system | 3.1.0.2 | |
| ibm | security_siteprotector_system | 3.1.0.3 | |
| ibm | security_siteprotector_system | 3.1.1.0 | |
| ibm | security_siteprotector_system | 3.1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0811434-A0CD-4C68-9988-42138C07EF4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC15A710-0F50-4B96-8A41-8191F3C13FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F28CD6-F183-46FA-A1F6-DCE3F1676A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4F4CBC-CD3E-499E-9BC1-5630BF7FCE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1B32B8B2-CA0E-48F6-9E98-26A8C98FD201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E414BA-E27E-4FC9-A9D0-8A4B55FA400B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BD31932A-0684-43B5-8154-5656E9CEE0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79A76A4F-1D7D-45B1-8EB3-B1F9E587F9A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE1170B-4D43-45BE-81B4-2E581AF6CA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "401ADE14-44D9-4289-9DE2-1F3878293CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA67BB3D-A3CE-4804-86CA-0D46CA79900C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2007611-D3CD-4999-BCD1-9629C33F9C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01C1444A-A8D5-4070-89E0-95E07FBC61F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows local users to obtain sensitive information by reading cached data."
},
{
"lang": "es",
"value": "IBM Security SiteProtector System 3.0 anterior a 3.0.0.7, 3.1 anterior a 3.1.0.4, y 3.1.1 anterior a 3.1.1.2 permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de datos en cach\u00e9."
}
],
"id": "CVE-2015-0170",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-25T14:59:14.310",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0169
Vulnerability from fkie_nvd - Published: 2015-05-25 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_siteprotector_system | 3.0 | |
| ibm | security_siteprotector_system | 3.0.0.1 | |
| ibm | security_siteprotector_system | 3.0.0.2 | |
| ibm | security_siteprotector_system | 3.0.0.3 | |
| ibm | security_siteprotector_system | 3.0.0.4 | |
| ibm | security_siteprotector_system | 3.0.0.5 | |
| ibm | security_siteprotector_system | 3.0.0.6 | |
| ibm | security_siteprotector_system | 3.1.0.0 | |
| ibm | security_siteprotector_system | 3.1.0.1 | |
| ibm | security_siteprotector_system | 3.1.0.2 | |
| ibm | security_siteprotector_system | 3.1.0.3 | |
| ibm | security_siteprotector_system | 3.1.1.0 | |
| ibm | security_siteprotector_system | 3.1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0811434-A0CD-4C68-9988-42138C07EF4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC15A710-0F50-4B96-8A41-8191F3C13FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F28CD6-F183-46FA-A1F6-DCE3F1676A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4F4CBC-CD3E-499E-9BC1-5630BF7FCE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1B32B8B2-CA0E-48F6-9E98-26A8C98FD201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E414BA-E27E-4FC9-A9D0-8A4B55FA400B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BD31932A-0684-43B5-8154-5656E9CEE0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79A76A4F-1D7D-45B1-8EB3-B1F9E587F9A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE1170B-4D43-45BE-81B4-2E581AF6CA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "401ADE14-44D9-4289-9DE2-1F3878293CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA67BB3D-A3CE-4804-86CA-0D46CA79900C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2007611-D3CD-4999-BCD1-9629C33F9C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01C1444A-A8D5-4070-89E0-95E07FBC61F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors."
},
{
"lang": "es",
"value": "IBM Security SiteProtector System 3.0 anterior a 3.0.0.7, 3.1 anterior a 3.1.0.4, y 3.1.1 anterior a 3.1.1.2 permite a usuarios remotos autenticados inyectar argumentos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-0169",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-25T14:59:13.340",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0168
Vulnerability from fkie_nvd - Published: 2015-05-25 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_siteprotector_system | 3.0 | |
| ibm | security_siteprotector_system | 3.0.0.1 | |
| ibm | security_siteprotector_system | 3.0.0.2 | |
| ibm | security_siteprotector_system | 3.0.0.3 | |
| ibm | security_siteprotector_system | 3.0.0.4 | |
| ibm | security_siteprotector_system | 3.0.0.5 | |
| ibm | security_siteprotector_system | 3.0.0.6 | |
| ibm | security_siteprotector_system | 3.1.0.0 | |
| ibm | security_siteprotector_system | 3.1.0.1 | |
| ibm | security_siteprotector_system | 3.1.0.2 | |
| ibm | security_siteprotector_system | 3.1.0.3 | |
| ibm | security_siteprotector_system | 3.1.1.0 | |
| ibm | security_siteprotector_system | 3.1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0811434-A0CD-4C68-9988-42138C07EF4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC15A710-0F50-4B96-8A41-8191F3C13FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F28CD6-F183-46FA-A1F6-DCE3F1676A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4F4CBC-CD3E-499E-9BC1-5630BF7FCE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1B32B8B2-CA0E-48F6-9E98-26A8C98FD201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E414BA-E27E-4FC9-A9D0-8A4B55FA400B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BD31932A-0684-43B5-8154-5656E9CEE0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79A76A4F-1D7D-45B1-8EB3-B1F9E587F9A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE1170B-4D43-45BE-81B4-2E581AF6CA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "401ADE14-44D9-4289-9DE2-1F3878293CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA67BB3D-A3CE-4804-86CA-0D46CA79900C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2007611-D3CD-4999-BCD1-9629C33F9C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01C1444A-A8D5-4070-89E0-95E07FBC61F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM Security SiteProtector System 3.0 anterior a 3.0.0.7, 3.1 anterior a 3.1.0.4, y 3.1.1 anterior a 3.1.1.2 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-0168",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-05-25T14:59:12.357",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0161
Vulnerability from fkie_nvd - Published: 2015-05-25 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_siteprotector_system | 3.0 | |
| ibm | security_siteprotector_system | 3.0.0.1 | |
| ibm | security_siteprotector_system | 3.0.0.2 | |
| ibm | security_siteprotector_system | 3.0.0.3 | |
| ibm | security_siteprotector_system | 3.0.0.4 | |
| ibm | security_siteprotector_system | 3.0.0.5 | |
| ibm | security_siteprotector_system | 3.0.0.6 | |
| ibm | security_siteprotector_system | 3.1.0.0 | |
| ibm | security_siteprotector_system | 3.1.0.1 | |
| ibm | security_siteprotector_system | 3.1.0.2 | |
| ibm | security_siteprotector_system | 3.1.0.3 | |
| ibm | security_siteprotector_system | 3.1.1.0 | |
| ibm | security_siteprotector_system | 3.1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0811434-A0CD-4C68-9988-42138C07EF4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC15A710-0F50-4B96-8A41-8191F3C13FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F28CD6-F183-46FA-A1F6-DCE3F1676A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4F4CBC-CD3E-499E-9BC1-5630BF7FCE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1B32B8B2-CA0E-48F6-9E98-26A8C98FD201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E414BA-E27E-4FC9-A9D0-8A4B55FA400B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BD31932A-0684-43B5-8154-5656E9CEE0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79A76A4F-1D7D-45B1-8EB3-B1F9E587F9A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE1170B-4D43-45BE-81B4-2E581AF6CA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "401ADE14-44D9-4289-9DE2-1F3878293CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA67BB3D-A3CE-4804-86CA-0D46CA79900C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2007611-D3CD-4999-BCD1-9629C33F9C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01C1444A-A8D5-4070-89E0-95E07FBC61F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Security SiteProtector System 3.0 anterior a 3.0.0.7, 3.1 anterior a 3.1.0.4, y 3.1.1 anterior a 3.1.1.2 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-0161",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-25T14:59:11.577",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0160
Vulnerability from fkie_nvd - Published: 2015-05-25 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_siteprotector_system | 3.0 | |
| ibm | security_siteprotector_system | 3.0.0.1 | |
| ibm | security_siteprotector_system | 3.0.0.2 | |
| ibm | security_siteprotector_system | 3.0.0.3 | |
| ibm | security_siteprotector_system | 3.0.0.4 | |
| ibm | security_siteprotector_system | 3.0.0.5 | |
| ibm | security_siteprotector_system | 3.0.0.6 | |
| ibm | security_siteprotector_system | 3.1.0.0 | |
| ibm | security_siteprotector_system | 3.1.0.1 | |
| ibm | security_siteprotector_system | 3.1.0.2 | |
| ibm | security_siteprotector_system | 3.1.0.3 | |
| ibm | security_siteprotector_system | 3.1.1.0 | |
| ibm | security_siteprotector_system | 3.1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0811434-A0CD-4C68-9988-42138C07EF4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC15A710-0F50-4B96-8A41-8191F3C13FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F28CD6-F183-46FA-A1F6-DCE3F1676A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4F4CBC-CD3E-499E-9BC1-5630BF7FCE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1B32B8B2-CA0E-48F6-9E98-26A8C98FD201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E414BA-E27E-4FC9-A9D0-8A4B55FA400B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BD31932A-0684-43B5-8154-5656E9CEE0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79A76A4F-1D7D-45B1-8EB3-B1F9E587F9A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE1170B-4D43-45BE-81B4-2E581AF6CA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "401ADE14-44D9-4289-9DE2-1F3878293CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA67BB3D-A3CE-4804-86CA-0D46CA79900C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2007611-D3CD-4999-BCD1-9629C33F9C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_siteprotector_system:3.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01C1444A-A8D5-4070-89E0-95E07FBC61F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors."
},
{
"lang": "es",
"value": "IBM Security SiteProtector System 3.0 anterior a 3.0.0.7, 3.1 anterior a 3.1.0.4, y 3.1.1 anterior a 3.1.1.2 permite a usuarios remotos autenticados ejecutar comandos arbitrarios con privilegios SYSTEM a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-0160",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-25T14:59:10.730",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-4150 (GCVE-0-2020-4150)
Vulnerability from cvelistv5 – Published: 2022-07-11 17:05 – Updated: 2024-09-16 19:46
VLAI?
Summary
IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174142.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security SiteProtector System |
Affected:
3.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:06.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6602547"
},
{
"name": "ibm-siteprotector-cve20204150-info-disc (174142)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174142"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security SiteProtector System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.1.1"
}
]
}
],
"datePublic": "2022-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174142."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/UI:N/I:N/PR:N/A:N/AC:H/S:C/AV:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T17:05:17",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6602547"
},
{
"name": "ibm-siteprotector-cve20204150-info-disc (174142)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174142"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-10T00:00:00",
"ID": "CVE-2020-4150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security SiteProtector System",
"version": {
"version_data": [
{
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174142."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "C",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6602547",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6602547 (Security SiteProtector System)",
"url": "https://www.ibm.com/support/pages/node/6602547"
},
{
"name": "ibm-siteprotector-cve20204150-info-disc (174142)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174142"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4150",
"datePublished": "2022-07-11T17:05:17.208068Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T19:46:42.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4138 (GCVE-0-2020-4138)
Vulnerability from cvelistv5 – Published: 2022-07-11 17:05 – Updated: 2024-09-16 18:39
VLAI?
Summary
IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174049.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security SiteProtector System |
Affected:
3.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6602547"
},
{
"name": "ibm-siteprotector-cve20204138-info-disc (174049)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security SiteProtector System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.1.1"
}
]
}
],
"datePublic": "2022-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174049."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.5,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/S:U/AC:L/A:N/PR:N/UI:N/I:N/C:L/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T17:05:12",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6602547"
},
{
"name": "ibm-siteprotector-cve20204138-info-disc (174049)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174049"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-10T00:00:00",
"ID": "CVE-2020-4138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security SiteProtector System",
"version": {
"version_data": [
{
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174049."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6602547",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6602547 (Security SiteProtector System)",
"url": "https://www.ibm.com/support/pages/node/6602547"
},
{
"name": "ibm-siteprotector-cve20204138-info-disc (174049)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174049"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4138",
"datePublished": "2022-07-11T17:05:12.862768Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T18:39:31.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4146 (GCVE-0-2020-4146)
Vulnerability from cvelistv5 – Published: 2021-11-12 15:20 – Updated: 2024-09-16 22:01
VLAI?
Summary
IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security SiteProtector System |
Affected:
3.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6515056"
},
{
"name": "ibm-siteprotector-cve20204146-info-disc (174129)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174129"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security SiteProtector System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.1.1"
}
]
}
],
"datePublic": "2021-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing \u0027HttpOnly\u0027 flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 3.5,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AV:N/UI:N/C:L/S:C/AC:H/I:N/PR:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-12T15:20:20",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6515056"
},
{
"name": "ibm-siteprotector-cve20204146-info-disc (174129)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174129"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-11-10T00:00:00",
"ID": "CVE-2020-4146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security SiteProtector System",
"version": {
"version_data": [
{
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing \u0027HttpOnly\u0027 flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "C",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6515056",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6515056 (Security SiteProtector System)",
"url": "https://www.ibm.com/support/pages/node/6515056"
},
{
"name": "ibm-siteprotector-cve20204146-info-disc (174129)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174129"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4146",
"datePublished": "2021-11-12T15:20:20.714116Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T22:01:31.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4140 (GCVE-0-2020-4140)
Vulnerability from cvelistv5 – Published: 2021-11-12 15:20 – Updated: 2024-09-17 01:41
VLAI?
Summary
IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security SiteProtector System |
Affected:
3.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6515054"
},
{
"name": "ibm-siteprotector-cve20204140-xss (174052)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174052"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security SiteProtector System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.1.1"
}
]
}
],
"datePublic": "2021-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/UI:R/AV:N/C:L/S:C/I:L/AC:L/PR:L/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-12T15:20:19",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6515054"
},
{
"name": "ibm-siteprotector-cve20204140-xss (174052)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174052"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-11-10T00:00:00",
"ID": "CVE-2020-4140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security SiteProtector System",
"version": {
"version_data": [
{
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6515054",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6515054 (Security SiteProtector System)",
"url": "https://www.ibm.com/support/pages/node/6515054"
},
{
"name": "ibm-siteprotector-cve20204140-xss (174052)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174052"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4140",
"datePublished": "2021-11-12T15:20:19.203661Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T01:41:58.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0172 (GCVE-0-2015-0172)
Vulnerability from cvelistv5 – Published: 2018-04-10 15:00 – Updated: 2024-08-06 04:03
VLAI?
Summary
IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. IBM X-Force ID: 100927.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:09.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699472"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. IBM X-Force ID: 100927."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-10T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699472"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. IBM X-Force ID: 100927."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699472",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699472"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0172",
"datePublished": "2018-04-10T15:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:09.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0162 (GCVE-0-2015-0162)
Vulnerability from cvelistv5 – Published: 2017-09-20 18:00 – Updated: 2024-08-06 04:03
VLAI?
Summary
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:09.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74038",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74038"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21700012"
},
{
"name": "ibm-siteprotector-cve20150162-priv-esc(100865)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100865"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T11:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "74038",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74038"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21700012"
},
{
"name": "ibm-siteprotector-cve20150162-priv-esc(100865)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100865"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74038"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21700012",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21700012"
},
{
"name": "ibm-siteprotector-cve20150162-priv-esc(100865)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100865"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0162",
"datePublished": "2017-09-20T18:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:09.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0160 (GCVE-0-2015-0160)
Vulnerability from cvelistv5 – Published: 2015-05-25 14:00 – Updated: 2024-08-06 04:03
VLAI?
Summary
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0160",
"datePublished": "2015-05-25T14:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0161 (GCVE-0-2015-0161)
Vulnerability from cvelistv5 – Published: 2015-05-25 14:00 – Updated: 2024-08-06 04:03
VLAI?
Summary
SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0161",
"datePublished": "2015-05-25T14:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0169 (GCVE-0-2015-0169)
Vulnerability from cvelistv5 – Published: 2015-05-25 14:00 – Updated: 2024-08-06 04:03
VLAI?
Summary
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0169",
"datePublished": "2015-05-25T14:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4150 (GCVE-0-2020-4150)
Vulnerability from nvd – Published: 2022-07-11 17:05 – Updated: 2024-09-16 19:46
VLAI?
Summary
IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174142.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security SiteProtector System |
Affected:
3.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:06.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6602547"
},
{
"name": "ibm-siteprotector-cve20204150-info-disc (174142)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174142"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security SiteProtector System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.1.1"
}
]
}
],
"datePublic": "2022-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174142."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/UI:N/I:N/PR:N/A:N/AC:H/S:C/AV:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T17:05:17",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6602547"
},
{
"name": "ibm-siteprotector-cve20204150-info-disc (174142)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174142"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-10T00:00:00",
"ID": "CVE-2020-4150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security SiteProtector System",
"version": {
"version_data": [
{
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174142."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "C",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6602547",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6602547 (Security SiteProtector System)",
"url": "https://www.ibm.com/support/pages/node/6602547"
},
{
"name": "ibm-siteprotector-cve20204150-info-disc (174142)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174142"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4150",
"datePublished": "2022-07-11T17:05:17.208068Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T19:46:42.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4138 (GCVE-0-2020-4138)
Vulnerability from nvd – Published: 2022-07-11 17:05 – Updated: 2024-09-16 18:39
VLAI?
Summary
IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174049.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security SiteProtector System |
Affected:
3.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6602547"
},
{
"name": "ibm-siteprotector-cve20204138-info-disc (174049)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security SiteProtector System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.1.1"
}
]
}
],
"datePublic": "2022-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174049."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.5,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/S:U/AC:L/A:N/PR:N/UI:N/I:N/C:L/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T17:05:12",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6602547"
},
{
"name": "ibm-siteprotector-cve20204138-info-disc (174049)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174049"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-10T00:00:00",
"ID": "CVE-2020-4138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security SiteProtector System",
"version": {
"version_data": [
{
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174049."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6602547",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6602547 (Security SiteProtector System)",
"url": "https://www.ibm.com/support/pages/node/6602547"
},
{
"name": "ibm-siteprotector-cve20204138-info-disc (174049)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174049"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4138",
"datePublished": "2022-07-11T17:05:12.862768Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T18:39:31.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4146 (GCVE-0-2020-4146)
Vulnerability from nvd – Published: 2021-11-12 15:20 – Updated: 2024-09-16 22:01
VLAI?
Summary
IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security SiteProtector System |
Affected:
3.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6515056"
},
{
"name": "ibm-siteprotector-cve20204146-info-disc (174129)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174129"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security SiteProtector System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.1.1"
}
]
}
],
"datePublic": "2021-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing \u0027HttpOnly\u0027 flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 3.5,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AV:N/UI:N/C:L/S:C/AC:H/I:N/PR:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-12T15:20:20",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6515056"
},
{
"name": "ibm-siteprotector-cve20204146-info-disc (174129)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174129"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-11-10T00:00:00",
"ID": "CVE-2020-4146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security SiteProtector System",
"version": {
"version_data": [
{
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing \u0027HttpOnly\u0027 flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "C",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6515056",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6515056 (Security SiteProtector System)",
"url": "https://www.ibm.com/support/pages/node/6515056"
},
{
"name": "ibm-siteprotector-cve20204146-info-disc (174129)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174129"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4146",
"datePublished": "2021-11-12T15:20:20.714116Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T22:01:31.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4140 (GCVE-0-2020-4140)
Vulnerability from nvd – Published: 2021-11-12 15:20 – Updated: 2024-09-17 01:41
VLAI?
Summary
IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security SiteProtector System |
Affected:
3.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6515054"
},
{
"name": "ibm-siteprotector-cve20204140-xss (174052)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174052"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security SiteProtector System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.1.1"
}
]
}
],
"datePublic": "2021-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/UI:R/AV:N/C:L/S:C/I:L/AC:L/PR:L/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-12T15:20:19",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6515054"
},
{
"name": "ibm-siteprotector-cve20204140-xss (174052)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174052"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-11-10T00:00:00",
"ID": "CVE-2020-4140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security SiteProtector System",
"version": {
"version_data": [
{
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6515054",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6515054 (Security SiteProtector System)",
"url": "https://www.ibm.com/support/pages/node/6515054"
},
{
"name": "ibm-siteprotector-cve20204140-xss (174052)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174052"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4140",
"datePublished": "2021-11-12T15:20:19.203661Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T01:41:58.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0172 (GCVE-0-2015-0172)
Vulnerability from nvd – Published: 2018-04-10 15:00 – Updated: 2024-08-06 04:03
VLAI?
Summary
IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. IBM X-Force ID: 100927.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:09.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699472"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. IBM X-Force ID: 100927."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-10T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699472"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. IBM X-Force ID: 100927."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699472",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699472"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0172",
"datePublished": "2018-04-10T15:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:09.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0162 (GCVE-0-2015-0162)
Vulnerability from nvd – Published: 2017-09-20 18:00 – Updated: 2024-08-06 04:03
VLAI?
Summary
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:09.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74038",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74038"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21700012"
},
{
"name": "ibm-siteprotector-cve20150162-priv-esc(100865)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100865"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T11:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "74038",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74038"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21700012"
},
{
"name": "ibm-siteprotector-cve20150162-priv-esc(100865)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100865"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74038"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21700012",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21700012"
},
{
"name": "ibm-siteprotector-cve20150162-priv-esc(100865)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100865"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0162",
"datePublished": "2017-09-20T18:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:09.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0160 (GCVE-0-2015-0160)
Vulnerability from nvd – Published: 2015-05-25 14:00 – Updated: 2024-08-06 04:03
VLAI?
Summary
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0160",
"datePublished": "2015-05-25T14:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0161 (GCVE-0-2015-0161)
Vulnerability from nvd – Published: 2015-05-25 14:00 – Updated: 2024-08-06 04:03
VLAI?
Summary
SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0161",
"datePublished": "2015-05-25T14:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0169 (GCVE-0-2015-0169)
Vulnerability from nvd – Published: 2015-05-25 14:00 – Updated: 2024-08-06 04:03
VLAI?
Summary
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0169",
"datePublished": "2015-05-25T14:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}