Search criteria
39 vulnerabilities found for marketing_platform by ibm
FKIE_CVE-2017-1107
Vulnerability from fkie_nvd - Published: 2019-06-19 14:15 - Updated: 2024-11-21 03:21
Severity ?
Summary
IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/108918 | Broken Link, Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/120906 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10887815 | Broken Link, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108918 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/120906 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10887815 | Broken Link, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | marketing_platform | 9.1.0.0 | |
| ibm | marketing_platform | 9.1.2 | |
| ibm | marketing_platform | 10.0 | |
| ibm | marketing_platform | 10.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56A0E390-060B-4037-BD87-B0F96DE21CFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D695B1C-958A-49A9-87DE-D8A53D5B6C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A394A760-E812-4D3C-9B00-F55EEA03CFB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "345B35F7-541A-47B0-9B8B-20AEEB876EBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906."
},
{
"lang": "es",
"value": "Las versiones 9.1.0, 9.1.2, 10.0, y 10.1 de IBM Marketing Platform exponen informaci\u00f3n sensible en las cabeceras que podr\u00eda ser usado por un atacante autenticado en futuros ataques contra el sistema. ID de IBM X-Force:120906."
}
],
"id": "CVE-2017-1107",
"lastModified": "2024-11-21T03:21:20.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-19T14:15:10.740",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108918"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120906"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887815"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1424
Vulnerability from fkie_nvd - Published: 2018-12-07 16:29 - Updated: 2024-11-21 03:59
Severity ?
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Summary
IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10744217 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/106201 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/139029 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10744217 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106201 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/139029 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | marketing_platform | 9.1.0 | |
| ibm | marketing_platform | 9.1.2 | |
| ibm | marketing_platform | 10.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E624B3E2-538B-42C8-AF04-408D6BFAF6FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D695B1C-958A-49A9-87DE-D8A53D5B6C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "345B35F7-541A-47B0-9B8B-20AEEB876EBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029."
},
{
"lang": "es",
"value": "Las versiones 9.1.0, 9.1.2 y 10.1 de IBM Marketing Platform son vulnerables a ataques XXE (XML External Entity) al procesar datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n sensible o consumir recursos de la memoria. IBM X-Force ID: 139029."
}
],
"id": "CVE-2018-1424",
"lastModified": "2024-11-21T03:59:47.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-07T16:29:00.303",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106201"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139029"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1920
Vulnerability from fkie_nvd - Published: 2018-12-07 16:29 - Updated: 2024-11-21 04:00
Severity ?
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Summary
IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10744217 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/106201 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/152855 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10744217 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106201 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/152855 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | marketing_platform | 9.1.0 | |
| ibm | marketing_platform | 9.1.2 | |
| ibm | marketing_platform | 10.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E624B3E2-538B-42C8-AF04-408D6BFAF6FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D695B1C-958A-49A9-87DE-D8A53D5B6C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "345B35F7-541A-47B0-9B8B-20AEEB876EBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855."
},
{
"lang": "es",
"value": "Las versiones 9.1.0, 9.1.2 y 10.1 de IBM Marketing Platform son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n sensible o consumir recursos de la memoria. IBM X-Force ID: 152855."
}
],
"id": "CVE-2018-1920",
"lastModified": "2024-11-21T04:00:35.997",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-07T16:29:00.583",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106201"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152855"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6112
Vulnerability from fkie_nvd - Published: 2017-05-22 20:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | marketing_platform | 8.6.0.0 | |
| ibm | marketing_platform | 9.0.0.0 | |
| ibm | marketing_platform | 9.1.0.0 | |
| ibm | marketing_platform | 9.1.2.0 | |
| ibm | marketing_platform | 10.0 | |
| ibm | marketing_operations | 8.6.0.0 | |
| ibm | marketing_operations | 9.0.0.0 | |
| ibm | marketing_operations | 9.1.0.0 | |
| ibm | marketing_operations | 10.0.0.0 | |
| ibm | distributed_marketing | 8.6.0.0 | |
| ibm | distributed_marketing | 9.0.0.0 | |
| ibm | distributed_marketing | 9.1.0.0 | |
| ibm | distributed_marketing | 10.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A5AFAE-62C2-4606-8173-862BE8575821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AFFD0672-3CA3-41C4-B20C-884DF334A176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56A0E390-060B-4037-BD87-B0F96DE21CFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "805E751A-E060-48BC-B98A-5EBDA75DBCFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A394A760-E812-4D3C-9B00-F55EEA03CFB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:marketing_operations:8.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACFA73E2-B8C4-494F-B894-D25A024B4559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_operations:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E41E05D9-5E80-42F3-B7A3-C1933EB5D873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_operations:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB557416-74AD-4E44-8440-1DEBD90AEC2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_operations:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4655821-4F02-4B21-B451-F627ECADAED1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:distributed_marketing:8.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "67832F29-CC33-43DE-BE61-5534B2DCD03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:distributed_marketing:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "286F79AB-AE7E-4A30-9290-7F197268203E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:distributed_marketing:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E69AC4F-A5CB-4270-9AE7-706D4D59F61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:distributed_marketing:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2E63FD79-9964-45C8-BE39-22D37ACECECD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282."
},
{
"lang": "es",
"value": "IBM Distributed Marketing y Marketing Platform 8.6, 9.0, 9.1 y 10.0 podr\u00eda permitir a un usuario autenticado escalar sus privilegios y obtener permisos administrativos sobre la aplicaci\u00f3n web. IBM X-Force ID: 118282."
}
],
"id": "CVE-2016-6112",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-22T20:29:00.173",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992739"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-0255
Vulnerability from fkie_nvd - Published: 2017-05-05 19:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22001950 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/98336 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22001950 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98336 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | marketing_platform | 9.1 | |
| ibm | marketing_platform | 9.1.1 | |
| ibm | marketing_platform | 9.1.2 | |
| ibm | marketing_platform | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "05558B4D-FAEB-4D25-A7BE-9946FE643200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA58BAA3-7811-4F95-9CEF-685C9D412B98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D695B1C-958A-49A9-87DE-D8A53D5B6C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A394A760-E812-4D3C-9B00-F55EEA03CFB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim\u0027s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials. IBM X-Force ID: 110564."
},
{
"lang": "es",
"value": "IBM Marketing Platform 9.1 y 10.0 es vulnerable a secuencias de comandos en sitios cruzados almacenados, provocado por la validaci\u00f3n incorrecta de la entrada suministrada por el usuario. Un atacante remoto podr\u00eda explotar la vulnerabilidad para inyectar c\u00f3digo malicioso en la p\u00e1gina web, el cual se podr\u00eda ejecutar en el navegador de la v\u00edctima en el contexto del hosting, una vez que dicha p\u00e1gina sea visualizada. Un atacante podr\u00eda utilizar esta vulnerabilidad para robar credenciales de autenticaci\u00f3n basados en cookies. IBM X-Force ID: 110564."
}
],
"id": "CVE-2016-0255",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-05T19:29:00.170",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001950"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98336"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-0228
Vulnerability from fkie_nvd - Published: 2017-04-17 21:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22001952 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/97670 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22001952 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97670 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | marketing_platform | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A394A760-E812-4D3C-9B00-F55EEA03CFB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236."
},
{
"lang": "es",
"value": "IBM Marketing Platform 10.0 podr\u00eda permitir a un atacante remoto realizar ataques de phising, provocados por una vulnerabilidad de redirecci\u00f3n abierta en varios scripts. Un atacante podr\u00eda explotar esta vulnerabilidad para redirigir a una v\u00edctima a sitios web arbitrarios. IBM X-Force ID: 110236."
}
],
"id": "CVE-2016-0228",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-17T21:59:00.170",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001952"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97670"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-0233
Vulnerability from fkie_nvd - Published: 2016-06-28 01:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3161F3-A43D-455C-9BE6-4AA6B5363083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D7CF9F-32CB-447A-AEE7-1B059FDFDF51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC3B584-90EE-4134-9314-8A9BA94ED083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A075D2-0BC4-4396-A919-4B1DF5F4E320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3CD936D0-B78C-4D87-99D4-A9839FE1CB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5631D0-1F31-472F-AA3A-EF9EE992BC55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B4585B97-A23B-496B-BCCF-24C19C784286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "39FFCE00-A09C-4199-8E2C-131A2410ABD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A5AFAE-62C2-4606-8173-862BE8575821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "357ACDBE-4F06-4615-9BAC-22E8478D1717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5BD3CC-0948-4399-999C-0D7F5DCA5F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5D103A-28C0-453A-ABE6-5DF8425D327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8AAC6A-E167-4C4C-8E4D-409F34F0FBBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69C12D6B-05BD-4670-9C73-AC4542304F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF3EED3-7BF5-4F40-8816-3E8C04F352A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC2A982-678B-408B-B09D-DD3D863D8EBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "97D36426-0C6E-456B-BA2A-DDB4CBF1E57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "58CCE55A-2BA8-492F-9C12-49AE56A6DEE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "40715129-7D5F-484B-8861-AE53064DAAF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "71492B73-FDEE-4561-952A-FA1F46A4DFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AFFD0672-3CA3-41C4-B20C-884DF334A176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A662F54-F0F9-4239-BBC3-C17A75FF3491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41314C92-FBED-4CB4-AA06-6C14D029D727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "94D1CF26-6847-4716-87F8-E32A157559FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "54378D54-CC1E-434D-875E-0B1219F99B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56A0E390-060B-4037-BD87-B0F96DE21CFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "951B45A9-07B1-4A2A-8A56-DF6A36DA689E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E7E7373-2D69-4FA4-ACC4-CA52AE47BECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B84DD0AF-9DA3-40EA-8FF3-6E4014543CF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E038679-FC2F-44D3-B889-22CDE0C86957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC8DAAF9-3D37-4A7E-B3A0-52FE224AA333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AB93F88B-D31C-455D-AD52-D05D433C37A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F8524E66-9979-4905-9DCF-0293ACC8D673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D781DD-41B8-41C0-B673-B42513083090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "94404D2B-7D1F-4BF3-9EE3-0112BDF7B4AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D29AE58D-A319-434B-B8D8-DF3FC4F752EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E10908ED-0434-4D1B-A246-EAE4A1854A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0F8468-8FCB-4E35-8C10-3F7E70F459E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "35BA6952-0713-4671-8B44-6B97D3AA9237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE32557-7EA0-4CCB-B202-252DE8C7C75E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0796CA17-4462-452B-B6CB-B5D91330F91B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "805E751A-E060-48BC-B98A-5EBDA75DBCFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Marketing Platform 8.5.x, 8.6.x y 9.x en versiones anteriores a 9.1.2.2 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-0233",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-28T01:59:02.877",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-0229
Vulnerability from fkie_nvd - Published: 2016-06-28 01:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A5AFAE-62C2-4606-8173-862BE8575821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "357ACDBE-4F06-4615-9BAC-22E8478D1717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5BD3CC-0948-4399-999C-0D7F5DCA5F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5D103A-28C0-453A-ABE6-5DF8425D327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8AAC6A-E167-4C4C-8E4D-409F34F0FBBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69C12D6B-05BD-4670-9C73-AC4542304F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF3EED3-7BF5-4F40-8816-3E8C04F352A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC2A982-678B-408B-B09D-DD3D863D8EBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "97D36426-0C6E-456B-BA2A-DDB4CBF1E57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "58CCE55A-2BA8-492F-9C12-49AE56A6DEE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "40715129-7D5F-484B-8861-AE53064DAAF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "71492B73-FDEE-4561-952A-FA1F46A4DFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AFFD0672-3CA3-41C4-B20C-884DF334A176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A662F54-F0F9-4239-BBC3-C17A75FF3491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41314C92-FBED-4CB4-AA06-6C14D029D727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "94D1CF26-6847-4716-87F8-E32A157559FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "54378D54-CC1E-434D-875E-0B1219F99B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56A0E390-060B-4037-BD87-B0F96DE21CFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "951B45A9-07B1-4A2A-8A56-DF6A36DA689E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E7E7373-2D69-4FA4-ACC4-CA52AE47BECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B84DD0AF-9DA3-40EA-8FF3-6E4014543CF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E038679-FC2F-44D3-B889-22CDE0C86957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC8DAAF9-3D37-4A7E-B3A0-52FE224AA333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AB93F88B-D31C-455D-AD52-D05D433C37A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F8524E66-9979-4905-9DCF-0293ACC8D673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D781DD-41B8-41C0-B673-B42513083090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "94404D2B-7D1F-4BF3-9EE3-0112BDF7B4AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D29AE58D-A319-434B-B8D8-DF3FC4F752EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E10908ED-0434-4D1B-A246-EAE4A1854A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0F8468-8FCB-4E35-8C10-3F7E70F459E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "35BA6952-0713-4671-8B44-6B97D3AA9237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE32557-7EA0-4CCB-B202-252DE8C7C75E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0796CA17-4462-452B-B6CB-B5D91330F91B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "805E751A-E060-48BC-B98A-5EBDA75DBCFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM Marketing Platform 8.6.x y 9.x en versiones anteriores a 9.1.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2016-0229",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-28T01:59:01.610",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-0224
Vulnerability from fkie_nvd - Published: 2016-06-28 01:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3161F3-A43D-455C-9BE6-4AA6B5363083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D7CF9F-32CB-447A-AEE7-1B059FDFDF51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC3B584-90EE-4134-9314-8A9BA94ED083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A075D2-0BC4-4396-A919-4B1DF5F4E320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3CD936D0-B78C-4D87-99D4-A9839FE1CB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5631D0-1F31-472F-AA3A-EF9EE992BC55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B4585B97-A23B-496B-BCCF-24C19C784286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "39FFCE00-A09C-4199-8E2C-131A2410ABD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A5AFAE-62C2-4606-8173-862BE8575821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "357ACDBE-4F06-4615-9BAC-22E8478D1717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5BD3CC-0948-4399-999C-0D7F5DCA5F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5D103A-28C0-453A-ABE6-5DF8425D327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8AAC6A-E167-4C4C-8E4D-409F34F0FBBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69C12D6B-05BD-4670-9C73-AC4542304F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF3EED3-7BF5-4F40-8816-3E8C04F352A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC2A982-678B-408B-B09D-DD3D863D8EBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "97D36426-0C6E-456B-BA2A-DDB4CBF1E57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "58CCE55A-2BA8-492F-9C12-49AE56A6DEE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "40715129-7D5F-484B-8861-AE53064DAAF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:8.6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "71492B73-FDEE-4561-952A-FA1F46A4DFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AFFD0672-3CA3-41C4-B20C-884DF334A176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A662F54-F0F9-4239-BBC3-C17A75FF3491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41314C92-FBED-4CB4-AA06-6C14D029D727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "94D1CF26-6847-4716-87F8-E32A157559FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "54378D54-CC1E-434D-875E-0B1219F99B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56A0E390-060B-4037-BD87-B0F96DE21CFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "951B45A9-07B1-4A2A-8A56-DF6A36DA689E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E7E7373-2D69-4FA4-ACC4-CA52AE47BECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B84DD0AF-9DA3-40EA-8FF3-6E4014543CF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E038679-FC2F-44D3-B889-22CDE0C86957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC8DAAF9-3D37-4A7E-B3A0-52FE224AA333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AB93F88B-D31C-455D-AD52-D05D433C37A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F8524E66-9979-4905-9DCF-0293ACC8D673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D781DD-41B8-41C0-B673-B42513083090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "94404D2B-7D1F-4BF3-9EE3-0112BDF7B4AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D29AE58D-A319-434B-B8D8-DF3FC4F752EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E10908ED-0434-4D1B-A246-EAE4A1854A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0F8468-8FCB-4E35-8C10-3F7E70F459E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "35BA6952-0713-4671-8B44-6B97D3AA9237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE32557-7EA0-4CCB-B202-252DE8C7C75E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0796CA17-4462-452B-B6CB-B5D91330F91B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "805E751A-E060-48BC-B98A-5EBDA75DBCFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Marketing Platform 8.5.x, 8.6.x y 9.x en versiones anteriores a 9.1.2.2 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-0224",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-28T01:59:00.203",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6310
Vulnerability from fkie_nvd - Published: 2014-06-28 00:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | marketing_platform | 9.1.0.0 | |
| ibm | marketing_platform | 9.1.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56A0E390-060B-4037-BD87-B0F96DE21CFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "951B45A9-07B1-4A2A-8A56-DF6A36DA689E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM Marketing Platform 9.1 anterior a FP2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6310",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-06-28T00:55:03.220",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676688"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88560"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6308
Vulnerability from fkie_nvd - Published: 2014-06-28 00:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | marketing_platform | 9.1.0.0 | |
| ibm | marketing_platform | 9.1.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56A0E390-060B-4037-BD87-B0F96DE21CFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "951B45A9-07B1-4A2A-8A56-DF6A36DA689E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection."
},
{
"lang": "es",
"value": "IBM Marketing Platform 9.1 anterior a FP2 permite a usuarios remotos autenticados realizar ataques de phishing y capturar credenciales de inicio de sesi\u00f3n a trav\u00e9s de una inyecci\u00f3n no especificada."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/601.html\n\n\"CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\"",
"id": "CVE-2013-6308",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-06-28T00:55:03.097",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676688"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88558"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6311
Vulnerability from fkie_nvd - Published: 2014-06-28 00:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | marketing_platform | 9.1.0.0 | |
| ibm | marketing_platform | 9.1.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56A0E390-060B-4037-BD87-B0F96DE21CFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:marketing_platform:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "951B45A9-07B1-4A2A-8A56-DF6A36DA689E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Marketing Platform 9.1 anterior a FP2 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6311",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-28T00:55:03.283",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676688"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88561"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-1107 (GCVE-0-2017-1107)
Vulnerability from cvelistv5 – Published: 2019-06-19 13:30 – Updated: 2024-09-17 03:03
VLAI?
Summary
IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Marketing Platform |
Affected:
9.1.2
Affected: 10.0 Affected: 9.1.0 Affected: 10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887815"
},
{
"name": "ibm-marketing-cve20171107-info-disc (120906)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120906"
},
{
"name": "108918",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Marketing Platform",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.2"
},
{
"status": "affected",
"version": "10.0"
},
{
"status": "affected",
"version": "9.1.0"
},
{
"status": "affected",
"version": "10.1"
}
]
}
],
"datePublic": "2019-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:U/C:L/I:N/PR:L/AV:N/UI:N/A:N/AC:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-28T08:06:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887815"
},
{
"name": "ibm-marketing-cve20171107-info-disc (120906)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120906"
},
{
"name": "108918",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108918"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-17T00:00:00",
"ID": "CVE-2017-1107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Marketing Platform",
"version": {
"version_data": [
{
"version_value": "9.1.2"
},
{
"version_value": "10.0"
},
{
"version_value": "9.1.0"
},
{
"version_value": "10.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10887815",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 887815 (Marketing Platform)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887815"
},
{
"name": "ibm-marketing-cve20171107-info-disc (120906)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120906"
},
{
"name": "108918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108918"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1107",
"datePublished": "2019-06-19T13:30:19.654326Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T03:03:10.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1424 (GCVE-0-2018-1424)
Vulnerability from cvelistv5 – Published: 2018-12-07 16:00 – Updated: 2024-09-16 16:13
VLAI?
Summary
IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Marketing Platform |
Affected:
9.1.2
Affected: 9.1.0 Affected: 10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-marketing-cve20181424-info-disc(139029)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139029"
},
{
"name": "106201",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106201"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Marketing Platform",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.2"
},
{
"status": "affected",
"version": "9.1.0"
},
{
"status": "affected",
"version": "10.1"
}
]
}
],
"datePublic": "2018-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-14T10:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-marketing-cve20181424-info-disc(139029)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139029"
},
{
"name": "106201",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106201"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-05T00:00:00",
"ID": "CVE-2018-1424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Marketing Platform",
"version": {
"version_data": [
{
"version_value": "9.1.2"
},
{
"version_value": "9.1.0"
},
{
"version_value": "10.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-marketing-cve20181424-info-disc(139029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139029"
},
{
"name": "106201",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106201"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10744217",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1424",
"datePublished": "2018-12-07T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T16:13:08.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1920 (GCVE-0-2018-1920)
Vulnerability from cvelistv5 – Published: 2018-12-07 16:00 – Updated: 2024-09-16 20:22
VLAI?
Summary
IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Marketing Platform |
Affected:
9.1.2
Affected: 9.1.0 Affected: 10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106201",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106201"
},
{
"name": "ibm-marketing-cve20181920-xxe(152855)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152855"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Marketing Platform",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.2"
},
{
"status": "affected",
"version": "9.1.0"
},
{
"status": "affected",
"version": "10.1"
}
]
}
],
"datePublic": "2018-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-14T10:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "106201",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106201"
},
{
"name": "ibm-marketing-cve20181920-xxe(152855)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152855"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-05T00:00:00",
"ID": "CVE-2018-1920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Marketing Platform",
"version": {
"version_data": [
{
"version_value": "9.1.2"
},
{
"version_value": "9.1.0"
},
{
"version_value": "10.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106201",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106201"
},
{
"name": "ibm-marketing-cve20181920-xxe(152855)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152855"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10744217",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1920",
"datePublished": "2018-12-07T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T20:22:54.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6112 (GCVE-0-2016-6112)
Vulnerability from cvelistv5 – Published: 2017-05-22 20:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Marketing Platform |
Affected:
8.0, 8.1, 8.2, 8.3, 8.5, 8.6, 9.0, 9.1, 9.1.1, 9.1.2, 10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992739"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Marketing Platform",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "8.0, 8.1, 8.2, 8.3, 8.5, 8.6, 9.0, 9.1, 9.1.1, 9.1.2, 10.0"
}
]
}
],
"datePublic": "2017-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992739"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Marketing Platform",
"version": {
"version_data": [
{
"version_value": "8.0, 8.1, 8.2, 8.3, 8.5, 8.6, 9.0, 9.1, 9.1.1, 9.1.2, 10.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21992739",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992739"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6112",
"datePublished": "2017-05-22T20:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0255 (GCVE-0-2016-0255)
Vulnerability from cvelistv5 – Published: 2017-05-05 19:00 – Updated: 2024-08-05 22:15
VLAI?
Summary
IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Marketing Platform |
Affected:
9.1, 9.1.1, 9.1.2, 10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98336",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98336"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001950"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Marketing Platform",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "9.1, 9.1.1, 9.1.2, 10.0"
}
]
}
],
"datePublic": "2017-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim\u0027s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials. IBM X-Force ID: 110564."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-09T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "98336",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98336"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001950"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Marketing Platform",
"version": {
"version_data": [
{
"version_value": "9.1, 9.1.1, 9.1.2, 10.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim\u0027s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials. IBM X-Force ID: 110564."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98336"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22001950",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001950"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0255",
"datePublished": "2017-05-05T19:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0228 (GCVE-0-2016-0228)
Vulnerability from cvelistv5 – Published: 2017-04-17 21:00 – Updated: 2024-08-05 22:15
VLAI?
Summary
IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Marketing Platform |
Affected:
10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001952"
},
{
"name": "97670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97670"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Marketing Platform",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "10.0"
}
]
}
],
"datePublic": "2017-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-18T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001952"
},
{
"name": "97670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97670"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Marketing Platform",
"version": {
"version_data": [
{
"version_value": "10.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22001952",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001952"
},
{
"name": "97670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97670"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0228",
"datePublished": "2017-04-17T21:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0233 (GCVE-0-2016-0233)
Vulnerability from cvelistv5 – Published: 2016-06-28 01:00 – Updated: 2024-08-05 22:15
VLAI?
Summary
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-28T01:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0233",
"datePublished": "2016-06-28T01:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0224 (GCVE-0-2016-0224)
Vulnerability from cvelistv5 – Published: 2016-06-28 01:00 – Updated: 2024-08-05 22:15
VLAI?
Summary
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-28T01:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0224",
"datePublished": "2016-06-28T01:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0229 (GCVE-0-2016-0229)
Vulnerability from cvelistv5 – Published: 2016-06-28 01:00 – Updated: 2024-08-05 22:15
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:22.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-28T01:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0229",
"datePublished": "2016-06-28T01:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:22.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1107 (GCVE-0-2017-1107)
Vulnerability from nvd – Published: 2019-06-19 13:30 – Updated: 2024-09-17 03:03
VLAI?
Summary
IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Marketing Platform |
Affected:
9.1.2
Affected: 10.0 Affected: 9.1.0 Affected: 10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887815"
},
{
"name": "ibm-marketing-cve20171107-info-disc (120906)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120906"
},
{
"name": "108918",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Marketing Platform",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.2"
},
{
"status": "affected",
"version": "10.0"
},
{
"status": "affected",
"version": "9.1.0"
},
{
"status": "affected",
"version": "10.1"
}
]
}
],
"datePublic": "2019-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:U/C:L/I:N/PR:L/AV:N/UI:N/A:N/AC:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-28T08:06:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887815"
},
{
"name": "ibm-marketing-cve20171107-info-disc (120906)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120906"
},
{
"name": "108918",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108918"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-17T00:00:00",
"ID": "CVE-2017-1107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Marketing Platform",
"version": {
"version_data": [
{
"version_value": "9.1.2"
},
{
"version_value": "10.0"
},
{
"version_value": "9.1.0"
},
{
"version_value": "10.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10887815",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 887815 (Marketing Platform)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887815"
},
{
"name": "ibm-marketing-cve20171107-info-disc (120906)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120906"
},
{
"name": "108918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108918"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1107",
"datePublished": "2019-06-19T13:30:19.654326Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T03:03:10.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1424 (GCVE-0-2018-1424)
Vulnerability from nvd – Published: 2018-12-07 16:00 – Updated: 2024-09-16 16:13
VLAI?
Summary
IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Marketing Platform |
Affected:
9.1.2
Affected: 9.1.0 Affected: 10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-marketing-cve20181424-info-disc(139029)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139029"
},
{
"name": "106201",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106201"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Marketing Platform",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.2"
},
{
"status": "affected",
"version": "9.1.0"
},
{
"status": "affected",
"version": "10.1"
}
]
}
],
"datePublic": "2018-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-14T10:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-marketing-cve20181424-info-disc(139029)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139029"
},
{
"name": "106201",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106201"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-05T00:00:00",
"ID": "CVE-2018-1424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Marketing Platform",
"version": {
"version_data": [
{
"version_value": "9.1.2"
},
{
"version_value": "9.1.0"
},
{
"version_value": "10.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-marketing-cve20181424-info-disc(139029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139029"
},
{
"name": "106201",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106201"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10744217",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1424",
"datePublished": "2018-12-07T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T16:13:08.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1920 (GCVE-0-2018-1920)
Vulnerability from nvd – Published: 2018-12-07 16:00 – Updated: 2024-09-16 20:22
VLAI?
Summary
IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Marketing Platform |
Affected:
9.1.2
Affected: 9.1.0 Affected: 10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106201",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106201"
},
{
"name": "ibm-marketing-cve20181920-xxe(152855)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152855"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Marketing Platform",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.2"
},
{
"status": "affected",
"version": "9.1.0"
},
{
"status": "affected",
"version": "10.1"
}
]
}
],
"datePublic": "2018-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-14T10:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "106201",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106201"
},
{
"name": "ibm-marketing-cve20181920-xxe(152855)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152855"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-05T00:00:00",
"ID": "CVE-2018-1920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Marketing Platform",
"version": {
"version_data": [
{
"version_value": "9.1.2"
},
{
"version_value": "9.1.0"
},
{
"version_value": "10.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106201",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106201"
},
{
"name": "ibm-marketing-cve20181920-xxe(152855)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152855"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10744217",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1920",
"datePublished": "2018-12-07T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T20:22:54.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6112 (GCVE-0-2016-6112)
Vulnerability from nvd – Published: 2017-05-22 20:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Marketing Platform |
Affected:
8.0, 8.1, 8.2, 8.3, 8.5, 8.6, 9.0, 9.1, 9.1.1, 9.1.2, 10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992739"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Marketing Platform",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "8.0, 8.1, 8.2, 8.3, 8.5, 8.6, 9.0, 9.1, 9.1.1, 9.1.2, 10.0"
}
]
}
],
"datePublic": "2017-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992739"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Marketing Platform",
"version": {
"version_data": [
{
"version_value": "8.0, 8.1, 8.2, 8.3, 8.5, 8.6, 9.0, 9.1, 9.1.1, 9.1.2, 10.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21992739",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992739"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6112",
"datePublished": "2017-05-22T20:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0255 (GCVE-0-2016-0255)
Vulnerability from nvd – Published: 2017-05-05 19:00 – Updated: 2024-08-05 22:15
VLAI?
Summary
IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Marketing Platform |
Affected:
9.1, 9.1.1, 9.1.2, 10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98336",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98336"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001950"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Marketing Platform",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "9.1, 9.1.1, 9.1.2, 10.0"
}
]
}
],
"datePublic": "2017-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim\u0027s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials. IBM X-Force ID: 110564."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-09T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "98336",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98336"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001950"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Marketing Platform",
"version": {
"version_data": [
{
"version_value": "9.1, 9.1.1, 9.1.2, 10.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim\u0027s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials. IBM X-Force ID: 110564."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98336"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22001950",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001950"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0255",
"datePublished": "2017-05-05T19:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0228 (GCVE-0-2016-0228)
Vulnerability from nvd – Published: 2017-04-17 21:00 – Updated: 2024-08-05 22:15
VLAI?
Summary
IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Marketing Platform |
Affected:
10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001952"
},
{
"name": "97670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97670"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Marketing Platform",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "10.0"
}
]
}
],
"datePublic": "2017-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-18T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001952"
},
{
"name": "97670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97670"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Marketing Platform",
"version": {
"version_data": [
{
"version_value": "10.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22001952",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001952"
},
{
"name": "97670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97670"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0228",
"datePublished": "2017-04-17T21:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0233 (GCVE-0-2016-0233)
Vulnerability from nvd – Published: 2016-06-28 01:00 – Updated: 2024-08-05 22:15
VLAI?
Summary
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-28T01:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0233",
"datePublished": "2016-06-28T01:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0224 (GCVE-0-2016-0224)
Vulnerability from nvd – Published: 2016-06-28 01:00 – Updated: 2024-08-05 22:15
VLAI?
Summary
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-28T01:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0224",
"datePublished": "2016-06-28T01:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0229 (GCVE-0-2016-0229)
Vulnerability from nvd – Published: 2016-06-28 01:00 – Updated: 2024-08-05 22:15
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:22.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-28T01:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980989"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0229",
"datePublished": "2016-06-28T01:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:22.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}