All the vulnerabilites related to ibm - tivoli_application_dependency_discovery_manager
Vulnerability from fkie_nvd
Published
2018-05-24 21:29
Modified
2024-11-21 01:52
Severity ?
Summary
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21672403 | Mitigation, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/84354 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21672403 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/84354 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_application_dependency_discovery_manager | * | |
| ibm | tivoli_application_dependency_discovery_manager | 7.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D8D0E90-19A1-4A4C-9769-69C11ACEE02C",
"versionEndIncluding": "7.2.1.4",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63109B94-D137-457D-9518-6E2A8B5C59BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n web AXIS en deploy-tomcat/axis en IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 y de la versi\u00f3n 7.2.0 a la 7.2.1.4 permite que atacantes remotos obtengan informaci\u00f3n sensible de configuraci\u00f3n mediante una petici\u00f3n directa, tal y como queda demostrado con happyaxis.jsp. IBM X-Force ID: 84354."
}
],
"id": "CVE-2013-3018",
"lastModified": "2024-11-21T01:52:50.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-24T21:29:00.260",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672403"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84354"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-04 21:29
Modified
2024-11-21 04:00
Severity ?
6.8 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10742403 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/145110 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10742403 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/145110 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_application_dependency_discovery_manager | * | |
| ibm | tivoli_application_dependency_discovery_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE44F0AC-0DA0-4E71-870D-388AC547ADA7",
"versionEndIncluding": "7.2.2.5",
"versionStartIncluding": "7.2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D9255D-1453-4F01-B58B-ABD719F86027",
"versionEndIncluding": "7.3.0.5",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110."
},
{
"lang": "es",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 y 7.3 podr\u00eda exponer hashes de contrase\u00f1a almacenados en la memoria del sistema en los sistemas objetivo que est\u00e1n configurados para emplear TADDM. IBM X-Force ID: 145110."
}
],
"id": "CVE-2018-1675",
"lastModified": "2024-11-21T04:00:11.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-04T21:29:00.377",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10742403"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10742403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145110"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-14 16:59
Modified
2024-11-21 03:00
Severity ?
Summary
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D94F8A60-5DBE-48F7-B4A6-AB10E869B710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD8CEAD-68EF-4E15-AC6A-ED04839E1F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D79C7CB3-DB2B-4E13-B4D8-25F90B0A057E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1EDE9699-97D6-4D62-BD69-C55A3F5E1CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "085117A2-6547-47D8-ABE9-8615C96F9909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "76584B4F-6673-42DD-B560-5E2FAE871389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0686B0E-607B-42F9-A0E9-F4D0F8785016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01EEF911-9450-4235-A433-F3780E61A483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8EF178-CB38-4EF2-9378-3921FA4767B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBABEFFE-A406-494E-86C8-55EBE0AD34D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDA5F2B-58C1-4BE1-8BD2-8EE2A6B62E0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539."
},
{
"lang": "es",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 y 7.3 podr\u00eda permitir a un atacante remoto leer archivos del sistema o datos que est\u00e9n restringidos a usuarios autorizados. IBM X-Force ID: 118539."
}
],
"id": "CVE-2016-8926",
"lastModified": "2024-11-21T03:00:18.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-14T16:59:00.313",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-31 10:55
Modified
2024-11-21 02:13
Severity ?
Summary
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3051563-70C2-432A-9874-6529362142B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C95C26D6-183C-478D-9301-513DAB774616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B78F659C-C466-4337-8552-154EC7652BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C02B4388-6AAB-436D-9F21-5CDA8BE20A97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C610817E-069B-42BF-84F1-A55EF30FF15A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9BFA83-02BE-4E7A-98A1-4BEC6B74949D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BAD402-6022-4D72-839A-A92B984278D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3C314050-B3BA-4AB6-A7C4-6E48CEEB6E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "186660BD-4B0F-4A2A-A6A6-1E61FB61BF58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "152727A5-7CA6-4AF8-A42A-1049BFB9AB94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B9801F07-7AA8-4F76-B1B8-90271CB0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F27ECD8-CC5D-4974-AE3B-658D2871FF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "035E6C30-71E7-4EA9-A3C1-71BB371E4A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD5C82A-7E0E-4282-B9B1-0655670BD53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B45DA120-0BFB-4F0C-990B-34C0821B5583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695CA2C-7F34-4350-8C25-F5584ABCCCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42BFE717-10BC-4710-AFE9-1565F32C2450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "757D89F2-7C6D-4213-89EF-DE766D161B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD8CEAD-68EF-4E15-AC6A-ED04839E1F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D79C7CB3-DB2B-4E13-B4D8-25F90B0A057E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL."
},
{
"lang": "es",
"value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 hasta 7.2.0.10, 7.2.1.0 hasta 7.2.1.6, y 7.2.2.0 hasta 7.2.2.2 no requiere la autenticaci\u00f3n TADDM para las descargas rptdesign, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible de la base de datos a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2014-6148",
"lastModified": "2024-11-21T02:13:51.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-31T10:55:02.330",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/61785"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/70842"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96918"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-23 11:03
Modified
2024-11-21 01:54
Severity ?
Summary
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F84F-3F6E-4DF1-B162-152293D951EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:5.0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A18121C3-F3F1-4EC7-A64E-3F6A0C9788C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:5.0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD59912-7325-4AE1-ACCF-D4F804AF3947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:5.0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62783157-E3B6-4A23-8D2F-1FBD0762E9A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:5.0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CC0D53-8AB8-4D44-82BB-0E6A974C36AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:5.0.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91A3129F-17A6-4F32-BD5D-34E4A1D1A840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:5.0.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E2845FF4-2620-4B8D-96CF-CC26B3DEA3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:5.0.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7CD279-54B6-4F6B-AE14-299FB319C690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:5.0.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA269CA-4676-4008-89EF-20FAB89886A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:5.0.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D22105B6-1378-4E1C-B28A-FCAE00A2D5CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:5.0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "601762D3-1188-4945-931D-EB8DAC2847A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:5.0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA4A30A6-498C-46B8-8EFC-45EB13354EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:5.0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "414CC00A-C797-4C34-8709-75DC061DCDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:5.0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4401B967-0550-44F1-8753-9632120D2A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:5.0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4961693D-F56C-46CD-B721-6A15E2837C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:5.0.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4FBB66-CF6A-42D2-B122-1861F4139E75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14AD4A87-382A-41F0-96D8-0F0A9B738773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33701DDF-6882-41D3-A11B-A1F4585A77A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25C58BBA-06AC-40CD-A906-FD1B3B0AAB69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76C5B430-EE11-4674-B4B0-895D66E3B32F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1837D84-6B4F-40D8-9A3F-71C328F659BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D20A369B-2168-4883-A84C-BB48A71AFB33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3628AAB4-E524-46E5-AAF4-1980256F13CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30DC9FE3-CDE9-4F83-989B-4E431BA18B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C17B1C6B-04CE-49FB-B9BD-98ECD626B26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81F529EB-2BCA-4E3E-93E4-2A9880CDA367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8DEAC3D6-F9F8-4F82-9BF1-FF0EC07A3274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7694638C-CDAC-44DF-B9F9-F7237CD98017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "23903A3C-1760-4836-BAE6-BDD32CBB4CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2477E033-D26B-4D71-839B-5FE4B0927559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CAB7BF-265E-411D-A584-E78DE171F065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E45F670-232F-4CE5-8926-6463E5619506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B70E6E3-15B3-4D48-AE49-B9184A58EECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5BCE3FD-B89B-4141-8103-9DB941AD60D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EADFB3B-738F-4919-B165-9ECEED46EA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:6.0.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B23A5431-E599-4848-AB83-B299898F5EF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A8BF650-B8F5-467E-8DBF-81788B55F345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:7.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1752A831-916F-4A7D-8AAE-1CEFACC51F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:7.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C9744C4-76BE-428B-AFF2-5BCE00A58322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:7.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48B1DE45-90F9-416B-9087-8AEF5B0A3C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:7.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF6A045-0DF6-463B-A0DB-6C31D8C2984C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:7.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A731493C-9B46-4105-9902-B15BA0E0FB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:7.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49454369-A494-4EAA-88D5-181570DEBB4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update51:*:*:*:*:*:*",
"matchCriteriaId": "04C71221-E477-4DF8-B10A-3AC64511E4EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update60:*:*:*:*:*:*",
"matchCriteriaId": "FF7DE0E6-F329-417B-8035-B4EBF9C97483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update40:*:*:*:*:*:*",
"matchCriteriaId": "220536FA-695D-4DE8-9813-494E3D061B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.5.0:update51:*:*:*:*:*:*",
"matchCriteriaId": "ACB55CC5-0EC7-44B2-B5A9-A5B1EE584791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update60:*:*:*:*:*:*",
"matchCriteriaId": "4F6B5E73-6751-475A-B9BF-3414D3476208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update40:*:*:*:*:*:*",
"matchCriteriaId": "7CB654DC-1D3D-4475-8815-335AC573F54C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF26274E-5364-4FC1-9603-A78C365596DB",
"versionEndIncluding": "r27.7.6",
"versionStartIncluding": "r27.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "583E7A18-48C5-4AEE-A9C1-239D678E275A",
"versionEndIncluding": "r28.2.8",
"versionStartIncluding": "r28.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF65201D-8980-450A-A542-3B5473A6F374",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:host_on-demand:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E51D5AEF-B3D4-4782-9988-BC1DB3F3F296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E179FC2F-C700-4998-9D7A-3B945874CAC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2341D5E7-15CD-4C8F-ABE8-AA915BFA2804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "474DC3BA-27F2-452A-85AD-BCC476EDD35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "997CA07C-EBB7-4D7F-AF23-A161817BF4A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5BFE87FC-7B77-4840-8185-1707CB37323B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C77DD8B3-A227-4350-8699-FEC822119393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA56704-18EB-4F3B-A36F-BCEF67B07C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "420CC5FF-0300-4FA7-AB53-78C1A0B83C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B7132A0E-C2A1-403E-9516-A6911563D7B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F32CA797-ED68-426E-9370-E16C90075E01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
"matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40363692-5283-4D0C-BAE1-C049C02A0294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F805BA3A-178D-416E-9DED-4258F71A17C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A40AC14-AC2B-4A0D-A9CC-3A00B48D8975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1554D69E-D68E-46CA-B1F7-C24CAABF58E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
"matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*",
"matchCriteriaId": "4339DE06-19FB-4B8E-B6AE-3495F605AD05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*",
"matchCriteriaId": "3CF5C5B9-2CB9-4CD8-B94F-A674ED909CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_java:11:sp2:*:*:*:*:*:*",
"matchCriteriaId": "252CF7A7-3FEB-4503-AEE8-B67139C5B0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_java:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79D7DBBA-6849-45F7-AFEF-C765569C481A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2C634990-2690-4E3B-B21F-6687A6A34644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "73B7BC23-6CCA-41B2-8F61-EDB95F1AFB1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*",
"matchCriteriaId": "CED02712-1031-4206-AC4D-E68710F46EC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*",
"matchCriteriaId": "D1D7B467-58DD-45F1-9F1F-632620DF072A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*",
"matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*",
"matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
"matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
"matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
"matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFD62E4-794A-43C0-8C65-A44D970D1569",
"versionEndExcluding": "2.12.0",
"versionStartIncluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names."
},
{
"lang": "es",
"value": "XMLscanner.java en Apache Xerces2 Java Parser, en versiones anteriores a la 2.12.0, tal y como se emple\u00f3 en Java Runtime Environment (JRE) en IBM Java, en versiones 5.0 anteriores a la 5.0 SR16-FP3, 6 anteriores a la 6 SR14, 6.0.1 anteriores a la 6.0.1 SR6 y 7 anteriores a la 7 SR5, as\u00ed como en Oracle Java SE 7u40 y anteriores, Java SE 6u60 y anteriores, Java SE 5.0u51 y anteriores, JRockit R28.2.8 y anteriores, JRockit R27.7.6 y anteriores, Java SE Embedded 7u40 y anteriores y, posiblemente, otros productos, permite que los atacantes remotos realicen una denegaci\u00f3n de servicio (DoS) mediante vectores relacionados con los nombres de atributo XML."
}
],
"id": "CVE-2013-4002",
"lastModified": "2024-11-21T01:54:41.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-23T11:03:19.790",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link",
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56257"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT5982"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21648172"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/61310"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2033-1"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2089-1"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.apache.org/jira/browse/XERCESJ-1679"
},
{
"source": "psirt@us.ibm.com",
"url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E"
},
{
"source": "psirt@us.ibm.com",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"source": "psirt@us.ibm.com",
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
},
{
"source": "psirt@us.ibm.com",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT5982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21648172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/61310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2033-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2089-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.apache.org/jira/browse/XERCESJ-1679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-01 18:29
Modified
2024-11-21 01:54
Severity ?
Summary
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/86176 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www-01.ibm.com/support/docview.wss?uid=swg21672253 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/86176 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www-01.ibm.com/support/docview.wss?uid=swg21672253 | Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_application_dependency_discovery_manager | * | |
| ibm | tivoli_application_dependency_discovery_manager | 7.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0254D0EA-1382-43E8-BE1A-FE8CAFE76626",
"versionEndIncluding": "7.2.1.4",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63109B94-D137-457D-9518-6E2A8B5C59BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176."
},
{
"lang": "es",
"value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) en versiones 7.1.2.x anteriores a la 7.2.1.5 y versiones 7.2.x anteriores a la 7.2.2.0 en Unix emplea permisos d\u00e9biles (755) para archivos de configuraci\u00f3n y de registro sin especificar, lo que permite que usuarios locales obtengan informaci\u00f3n sensible leyendo los archivos. IBM X-Force ID: 86176."
}
],
"id": "CVE-2013-4040",
"lastModified": "2024-11-21T01:54:46.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-01T18:29:00.320",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86176"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21672253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21672253"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-275"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-31 10:55
Modified
2024-11-21 02:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F27ECD8-CC5D-4974-AE3B-658D2871FF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "035E6C30-71E7-4EA9-A3C1-71BB371E4A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD5C82A-7E0E-4282-B9B1-0655670BD53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B45DA120-0BFB-4F0C-990B-34C0821B5583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695CA2C-7F34-4350-8C25-F5584ABCCCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42BFE717-10BC-4710-AFE9-1565F32C2450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "757D89F2-7C6D-4213-89EF-DE766D161B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD8CEAD-68EF-4E15-AC6A-ED04839E1F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D79C7CB3-DB2B-4E13-B4D8-25F90B0A057E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 hasta 7.2.1.6 y 7.2.2.0 hasta 7.2.2.2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2014-6150",
"lastModified": "2024-11-21T02:13:52.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-10-31T10:55:02.377",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/61785"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688424"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96920"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-02 13:15
Modified
2024-11-21 08:29
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/270270 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7105139 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/270270 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7105139 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_application_dependency_discovery_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17C50B97-4260-4C1E-9B20-0E312D22EEA4",
"versionEndExcluding": "7.3.0.11",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270."
},
{
"lang": "es",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 a 7.3.0.10 es vulnerable a la inyecci\u00f3n de encabezados HTTP, causada por una validaci\u00f3n incorrecta de la entrada por parte de los encabezados HOST. Esto podr\u00eda permitir que un atacante realice varios ataques contra el sistema vulnerable, incluido cross-site scripting, envenenamiento de cach\u00e9 o secuestro de sesi\u00f3n. ID de IBM X-Force: 270270."
}
],
"id": "CVE-2023-47143",
"lastModified": "2024-11-21T08:29:51.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-02T13:15:08.253",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270270"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7105139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7105139"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-644"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-06 13:10
Modified
2024-11-21 01:45
Severity ?
Summary
The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_application_dependency_discovery_manager | 7.2.0.0 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.2.1 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.2.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3051563-70C2-432A-9874-6529362142B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F27ECD8-CC5D-4974-AE3B-658D2871FF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B45DA120-0BFB-4F0C-990B-34C0821B5583",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack."
},
{
"lang": "es",
"value": "La configuraci\u00f3n SSL en IBM Tivoli Application Dependency Discovery Manager (TADDM) v7.2.x anterior a v7.2.1.4 soporta el algoritmo de HASH MD5, lo que hace sencillo para atacantes de hombre en medio (man-in-the-middle) falsificar servidores y descifrar tr\u00e1fico mediante ataques por fuerza-bruta."
}
],
"id": "CVE-2012-5770",
"lastModified": "2024-11-21T01:45:11.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-03-06T13:10:25.500",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626029"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80354"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-02 13:15
Modified
2024-11-21 08:29
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270271.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/270271 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7105139 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/270271 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7105139 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_application_dependency_discovery_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17C50B97-4260-4C1E-9B20-0E312D22EEA4",
"versionEndExcluding": "7.3.0.11",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270271."
},
{
"lang": "es",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 a 7.3.0.10 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 270271."
}
],
"id": "CVE-2023-47144",
"lastModified": "2024-11-21T08:29:51.580",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-02T13:15:08.480",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270271"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7105139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7105139"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-29 05:37
Modified
2024-11-21 01:52
Severity ?
Summary
The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration privileges, and consequently create or delete reports or conduct SQL injection attacks, via crafted parameters to the BIRT reporting URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_application_dependency_discovery_manager | 7.2.1.1 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.2.1.2 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.2.1.3 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.2.1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "035E6C30-71E7-4EA9-A3C1-71BB371E4A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD5C82A-7E0E-4282-B9B1-0655670BD53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B45DA120-0BFB-4F0C-990B-34C0821B5583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695CA2C-7F34-4350-8C25-F5584ABCCCF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration privileges, and consequently create or delete reports or conduct SQL injection attacks, via crafted parameters to the BIRT reporting URL."
},
{
"lang": "es",
"value": "El visor BIRT de IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x anterior a la versi\u00f3n 7.2.1.5 permite a usuarios remotos autenticados evadir las comprobaciones de autorizaci\u00f3n y obtener privilegios de report-administration, y consecuentemente crear o eliminar reportes o llevar a cabo ataques de inyecci\u00f3n de SQL, a trav\u00e9s de par\u00e1metros manipulados hacia BIRT."
}
],
"id": "CVE-2013-2974",
"lastModified": "2024-11-21T01:52:46.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-29T05:37:02.687",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21662955"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21662955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83877"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-06 13:10
Modified
2024-11-21 01:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_application_dependency_discovery_manager | 7.2.0.0 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.2.1 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.2.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3051563-70C2-432A-9874-6529362142B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F27ECD8-CC5D-4974-AE3B-658D2871FF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B45DA120-0BFB-4F0C-990B-34C0821B5583",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en welcome.do en el Data Management Portal Web User Interface en IBM Tivoli Application Dependency Discovery Manager (TADDM) v7.2.x anterior a v7.2.1.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de una URL especialmente dise\u00f1ada."
}
],
"id": "CVE-2012-5939",
"lastModified": "2024-11-21T01:45:33.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-03-06T13:10:25.593",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625935"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80494"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-01 18:55
Modified
2024-11-21 01:52
Severity ?
Summary
Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrary files via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63109B94-D137-457D-9518-6E2A8B5C59BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4273C6E0-8BB0-40C7-8DC7-E287BE88A6C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5838754E-DD4E-461D-BB8E-C73672F3DFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "689AB0EE-5214-4AE2-8347-50267E3E3093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E66EB498-B3FB-42D8-838E-F0E0FBB1A077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D26C25F2-FE82-410C-A452-0B4ACCF2D597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "398D9406-3987-4D2E-8E25-00418805F9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8C52D988-2E1C-4C04-96E1-F243387D8AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A308A7D-E074-4E34-BB7E-F1FAC06D8359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C95C26D6-183C-478D-9301-513DAB774616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B78F659C-C466-4337-8552-154EC7652BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C02B4388-6AAB-436D-9F21-5CDA8BE20A97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C610817E-069B-42BF-84F1-A55EF30FF15A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9BFA83-02BE-4E7A-98A1-4BEC6B74949D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BAD402-6022-4D72-839A-A92B984278D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3C314050-B3BA-4AB6-A7C4-6E48CEEB6E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "186660BD-4B0F-4A2A-A6A6-1E61FB61BF58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "152727A5-7CA6-4AF8-A42A-1049BFB9AB94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B9801F07-7AA8-4F76-B1B8-90271CB0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F27ECD8-CC5D-4974-AE3B-658D2871FF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "035E6C30-71E7-4EA9-A3C1-71BB371E4A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD5C82A-7E0E-4282-B9B1-0655670BD53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B45DA120-0BFB-4F0C-990B-34C0821B5583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695CA2C-7F34-4350-8C25-F5584ABCCCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42BFE717-10BC-4710-AFE9-1565F32C2450",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en BIRT-Report Viewer en IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x y 7.2.x anterior a 7.2.1.5 permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s de vectores no especificados a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-3004",
"lastModified": "2024-11-21T01:52:49.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-01T18:55:04.863",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672395"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/68452"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84145"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-14 16:59
Modified
2024-11-21 03:00
Severity ?
Summary
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/97625 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97625 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D94F8A60-5DBE-48F7-B4A6-AB10E869B710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD8CEAD-68EF-4E15-AC6A-ED04839E1F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D79C7CB3-DB2B-4E13-B4D8-25F90B0A057E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1EDE9699-97D6-4D62-BD69-C55A3F5E1CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "085117A2-6547-47D8-ABE9-8615C96F9909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "76584B4F-6673-42DD-B560-5E2FAE871389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0686B0E-607B-42F9-A0E9-F4D0F8785016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01EEF911-9450-4235-A433-F3780E61A483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8EF178-CB38-4EF2-9378-3921FA4767B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBABEFFE-A406-494E-86C8-55EBE0AD34D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDA5F2B-58C1-4BE1-8BD2-8EE2A6B62E0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538."
},
{
"lang": "es",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 y 7.3 podr\u00edan permitir a un atacante remoto incluir archivos arbitrarios que podr\u00edan permitir al atacante leer cualquier archivo del sistema. IBM X-Force ID: 118538."
}
],
"id": "CVE-2016-8925",
"lastModified": "2024-11-21T03:00:18.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-14T16:59:00.267",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97625"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-14 16:59
Modified
2024-11-21 03:00
Severity ?
Summary
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/97629 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97629 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D94F8A60-5DBE-48F7-B4A6-AB10E869B710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD8CEAD-68EF-4E15-AC6A-ED04839E1F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D79C7CB3-DB2B-4E13-B4D8-25F90B0A057E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1EDE9699-97D6-4D62-BD69-C55A3F5E1CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "085117A2-6547-47D8-ABE9-8615C96F9909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "76584B4F-6673-42DD-B560-5E2FAE871389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0686B0E-607B-42F9-A0E9-F4D0F8785016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01EEF911-9450-4235-A433-F3780E61A483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8EF178-CB38-4EF2-9378-3921FA4767B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBABEFFE-A406-494E-86C8-55EBE0AD34D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDA5F2B-58C1-4BE1-8BD2-8EE2A6B62E0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540."
},
{
"lang": "es",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 y 7.3 es vulnerable a las secuencias de comandos entre sitios. Esta vulnerabilidad permite a los usuarios integrar c\u00f3digo JavaScript arbitrario en la interfaz de usuario Web, alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza. IBM X-Force ID: 118540."
}
],
"id": "CVE-2016-8927",
"lastModified": "2024-11-21T03:00:18.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-14T16:59:00.330",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97629"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-24 21:29
Modified
2024-11-21 01:52
Severity ?
Summary
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21672388 | Mitigation, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/84361 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21672388 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/84361 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_application_dependency_discovery_manager | * | |
| ibm | tivoli_application_dependency_discovery_manager | 7.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D8D0E90-19A1-4A4C-9769-69C11ACEE02C",
"versionEndIncluding": "7.2.1.4",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63109B94-D137-457D-9518-6E2A8B5C59BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361."
},
{
"lang": "es",
"value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 y de la versi\u00f3n 7.2.0 a la 7.2.1.4 podr\u00eda permitir que atacantes remotos obtengan informaci\u00f3n sensible sobre credenciales Tomcat rastreando la web en busca de una sesi\u00f3n en la que se emplee HTTP. IBM X-Force ID: 84361."
}
],
"id": "CVE-2013-3023",
"lastModified": "2024-11-21T01:52:50.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-24T21:29:00.307",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672388"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84361"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-02 14:15
Modified
2024-11-21 08:29
Severity ?
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/270267 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7105139 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/270267 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7105139 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_application_dependency_discovery_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E196A63-7C6F-40A1-B04D-CB074A57BF67",
"versionEndIncluding": "7.3.0.10",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization\u0027s local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267."
},
{
"lang": "es",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 a 7.3.0.10 podr\u00eda permitir que un atacante en la red local de la organizaci\u00f3n escale sus privilegios debido a un acceso API no autorizado. ID de IBM X-Force: 270267."
}
],
"id": "CVE-2023-47142",
"lastModified": "2024-11-21T08:29:51.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-02T14:15:54.013",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270267"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7105139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7105139"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-29 10:55
Modified
2024-11-21 02:13
Severity ?
Summary
Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A308A7D-E074-4E34-BB7E-F1FAC06D8359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C95C26D6-183C-478D-9301-513DAB774616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B78F659C-C466-4337-8552-154EC7652BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C02B4388-6AAB-436D-9F21-5CDA8BE20A97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C610817E-069B-42BF-84F1-A55EF30FF15A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9BFA83-02BE-4E7A-98A1-4BEC6B74949D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BAD402-6022-4D72-839A-A92B984278D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3C314050-B3BA-4AB6-A7C4-6E48CEEB6E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "186660BD-4B0F-4A2A-A6A6-1E61FB61BF58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "152727A5-7CA6-4AF8-A42A-1049BFB9AB94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B9801F07-7AA8-4F76-B1B8-90271CB0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F27ECD8-CC5D-4974-AE3B-658D2871FF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "035E6C30-71E7-4EA9-A3C1-71BB371E4A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD5C82A-7E0E-4282-B9B1-0655670BD53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B45DA120-0BFB-4F0C-990B-34C0821B5583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5695CA2C-7F34-4350-8C25-F5584ABCCCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42BFE717-10BC-4710-AFE9-1565F32C2450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "757D89F2-7C6D-4213-89EF-DE766D161B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD8CEAD-68EF-4E15-AC6A-ED04839E1F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D79C7CB3-DB2B-4E13-B4D8-25F90B0A057E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en BIRT-viewer en IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 hasta 7.2.0.10, 7.2.1.0 hasta 7.2.1.6, y 7.2.2.0 hasta 7.2.2.2 permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-6149",
"lastModified": "2024-11-21T02:13:51.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-29T10:55:05.447",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688296"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/70805"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96919"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-06 13:10
Modified
2024-11-21 01:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_application_dependency_discovery_manager | 7.2.0.0 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.2.1 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.2.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3051563-70C2-432A-9874-6529362142B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F27ECD8-CC5D-4974-AE3B-658D2871FF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B45DA120-0BFB-4F0C-990B-34C0821B5583",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la interfaz de administraci\u00f3n de Data Portal Web del usuario en IBM Tivoli Application Dependency Discovery Manager (TADDM) v7.2.x antes de v7.2.1.4 que permite a usuarios remotos autenticados inyectar contenido, y llevar a cabo ataques de phishing, a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-5942",
"lastModified": "2024-11-21T01:45:33.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-03-06T13:10:25.637",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625935"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80537"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-15 15:29
Modified
2024-11-21 03:59
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/105135 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/140090 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg22016659 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105135 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/140090 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg22016659 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_application_dependency_discovery_manager | 7.2.2 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0686B0E-607B-42F9-A0E9-F4D0F8785016",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029."
},
{
"lang": "es",
"value": "IBM Tivoli Application Dependency Discovery Manager en sus versiones 7.2.2 y 7.3 es vulnerable a ataques Cross-Site Request Forgery (CSRF). Esto podr\u00eda permitir que un atacante ejecute acciones maliciosas y no autorizadas transmitidas desde un usuario en el que la web conf\u00eda. IBM X-Force ID: 11029."
}
],
"id": "CVE-2018-1455",
"lastModified": "2024-11-21T03:59:51.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-15T15:29:00.250",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105135"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140090"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22016659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22016659"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-09 18:29
Modified
2024-11-21 01:52
Severity ?
Summary
IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_application_dependency_discovery_manager | * | |
| ibm | tivoli_application_dependency_discovery_manager | 7.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A616C0-5D8E-4C7A-9C9D-59B8A848CD87",
"versionEndExcluding": "7.2.1.5",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63109B94-D137-457D-9518-6E2A8B5C59BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353."
},
{
"lang": "es",
"value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) en versiones anteriores a la 7.2.1.5 y 7.2.x anteriores a la 7.2.2 facilita que los atacantes remotos sorteen los mecanismo de protecci\u00f3n criptogr\u00e1fica aprovechando que soporta cifrados SSL d\u00e9biles. IBM X-Force ID: 84353."
}
],
"id": "CVE-2013-3017",
"lastModified": "2024-11-21T01:52:50.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-09T18:29:00.403",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84353"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-taddm-reject-weak-and-medium-ciphers-on-taddm-ports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-taddm-reject-weak-and-medium-ciphers-on-taddm-ports/"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2013-4002
Vulnerability from cvelistv5
Published
2013-07-23 10:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IC98015",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015"
},
{
"name": "RHSA-2013:1060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
},
{
"name": "RHSA-2014:0414",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "RHSA-2013:1447",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html"
},
{
"name": "RHSA-2015:0765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"name": "RHSA-2013:1440",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
},
{
"name": "RHSA-2015:0675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "61310",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61310"
},
{
"name": "RHSA-2015:0773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html"
},
{
"name": "RHSA-2015:0720",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"name": "SUSE-SU-2013:1257",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
},
{
"name": "USN-2033-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2033-1"
},
{
"name": "USN-2089-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2089-1"
},
{
"name": "SUSE-SU-2013:1256",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
},
{
"name": "HPSBUX02944",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2"
},
{
"name": "RHSA-2013:1505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html"
},
{
"name": "HPSBUX02943",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2"
},
{
"name": "RHSA-2014:1822",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html"
},
{
"name": "56257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56257"
},
{
"name": "SUSE-SU-2013:1263",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
},
{
"name": "RHSA-2013:1059",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
},
{
"name": "RHSA-2014:1823",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html"
},
{
"name": "openSUSE-SU-2013:1663",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"
},
{
"name": "SUSE-SU-2013:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html"
},
{
"name": "APPLE-SA-2013-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"
},
{
"name": "SUSE-SU-2013:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
},
{
"name": "RHSA-2013:1081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
},
{
"name": "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E"
},
{
"name": "SUSE-SU-2013:1255",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
},
{
"name": "RHSA-2013:1451",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html"
},
{
"name": "RHSA-2014:1818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html"
},
{
"name": "RHSA-2014:1821",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html"
},
{
"name": "SUSE-SU-2013:1305",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
},
{
"name": "ibm-java-cve20134002-dos(85260)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21648172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/XERCESJ-1679"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5982"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:19:06",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IC98015",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015"
},
{
"name": "RHSA-2013:1060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
},
{
"name": "RHSA-2014:0414",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "RHSA-2013:1447",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html"
},
{
"name": "RHSA-2015:0765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"name": "RHSA-2013:1440",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
},
{
"name": "RHSA-2015:0675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "61310",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61310"
},
{
"name": "RHSA-2015:0773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html"
},
{
"name": "RHSA-2015:0720",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"name": "SUSE-SU-2013:1257",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
},
{
"name": "USN-2033-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2033-1"
},
{
"name": "USN-2089-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2089-1"
},
{
"name": "SUSE-SU-2013:1256",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
},
{
"name": "HPSBUX02944",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2"
},
{
"name": "RHSA-2013:1505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html"
},
{
"name": "HPSBUX02943",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2"
},
{
"name": "RHSA-2014:1822",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html"
},
{
"name": "56257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56257"
},
{
"name": "SUSE-SU-2013:1263",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
},
{
"name": "RHSA-2013:1059",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
},
{
"name": "RHSA-2014:1823",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html"
},
{
"name": "openSUSE-SU-2013:1663",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"
},
{
"name": "SUSE-SU-2013:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html"
},
{
"name": "APPLE-SA-2013-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"
},
{
"name": "SUSE-SU-2013:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
},
{
"name": "RHSA-2013:1081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
},
{
"name": "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E"
},
{
"name": "SUSE-SU-2013:1255",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
},
{
"name": "RHSA-2013:1451",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html"
},
{
"name": "RHSA-2014:1818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html"
},
{
"name": "RHSA-2014:1821",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html"
},
{
"name": "SUSE-SU-2013:1305",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
},
{
"name": "ibm-java-cve20134002-dos(85260)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21648172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/XERCESJ-1679"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5982"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IC98015",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015"
},
{
"name": "RHSA-2013:1060",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
},
{
"name": "RHSA-2014:0414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "RHSA-2013:1447",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html"
},
{
"name": "RHSA-2015:0765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"name": "RHSA-2013:1440",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
},
{
"name": "RHSA-2015:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "61310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61310"
},
{
"name": "RHSA-2015:0773",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html"
},
{
"name": "RHSA-2015:0720",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"name": "SUSE-SU-2013:1257",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
},
{
"name": "USN-2033-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2033-1"
},
{
"name": "USN-2089-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2089-1"
},
{
"name": "SUSE-SU-2013:1256",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
},
{
"name": "HPSBUX02944",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2"
},
{
"name": "RHSA-2013:1505",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html"
},
{
"name": "HPSBUX02943",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2"
},
{
"name": "RHSA-2014:1822",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html"
},
{
"name": "56257",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56257"
},
{
"name": "SUSE-SU-2013:1263",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
},
{
"name": "RHSA-2013:1059",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
},
{
"name": "RHSA-2014:1823",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html"
},
{
"name": "openSUSE-SU-2013:1663",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"
},
{
"name": "SUSE-SU-2013:1666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html"
},
{
"name": "APPLE-SA-2013-10-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"
},
{
"name": "SUSE-SU-2013:1293",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
},
{
"name": "RHSA-2013:1081",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
},
{
"name": "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E"
},
{
"name": "SUSE-SU-2013:1255",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
},
{
"name": "RHSA-2013:1451",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html"
},
{
"name": "RHSA-2014:1818",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html"
},
{
"name": "RHSA-2014:1821",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html"
},
{
"name": "SUSE-SU-2013:1305",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
},
{
"name": "ibm-java-cve20134002-dos(85260)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21648172",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21648172"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539"
},
{
"name": "https://issues.apache.org/jira/browse/XERCESJ-1679",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/XERCESJ-1679"
},
{
"name": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371"
},
{
"name": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013",
"refsource": "MISC",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
},
{
"name": "http://support.apple.com/kb/HT5982",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5982"
},
{
"name": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002"
},
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4002",
"datePublished": "2013-07-23T10:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-47144
Vulnerability from cvelistv5
Published
2024-02-02 13:04
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270271.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7105139 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/270271 | vdb-entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Tivoli Application Dependency Discovery Manager |
Version: 7.3.0.0 ≤ 7.3.0.10 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47144",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-05T20:45:53.491578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:28.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7105139"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270271"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tivoli Application Dependency Discovery Manager",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.3.0.10",
"status": "affected",
"version": "7.3.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270271."
}
],
"value": "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270271."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T13:04:56.709Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7105139"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270271"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Application Dependency Discovery Manager cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-47144",
"datePublished": "2024-02-02T13:04:56.709Z",
"dateReserved": "2023-10-31T00:13:36.928Z",
"dateUpdated": "2024-08-02T21:01:22.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5939
Vulnerability from cvelistv5
Published
2013-03-06 11:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/80494 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21625935 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "taddm-welcome-xss(80494)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80494"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625935"
},
{
"name": "IV32391",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "taddm-welcome-xss(80494)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80494"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625935"
},
{
"name": "IV32391",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-5939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "taddm-welcome-xss(80494)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80494"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625935",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625935"
},
{
"name": "IV32391",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-5939",
"datePublished": "2013-03-06T11:00:00",
"dateReserved": "2012-11-21T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5770
Vulnerability from cvelistv5
Published
2013-03-06 11:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/80354 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21626029 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "taddm-weak-ssl(80354)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80354"
},
{
"name": "IV32391",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "taddm-weak-ssl(80354)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80354"
},
{
"name": "IV32391",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626029"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-5770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "taddm-weak-ssl(80354)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80354"
},
{
"name": "IV32391",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21626029",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626029"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-5770",
"datePublished": "2013-03-06T11:00:00",
"dateReserved": "2012-11-02T00:00:00",
"dateUpdated": "2024-08-06T21:14:16.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3023
Vulnerability from cvelistv5
Published
2018-05-24 21:00
Modified
2024-08-06 16:00
Severity ?
EPSS score ?
Summary
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84361 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21672388 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:08.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-taddm-cve20133023-weak-security(84361)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84361"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672388"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-24T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-taddm-cve20133023-weak-security(84361)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84361"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672388"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-3023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-taddm-cve20133023-weak-security(84361)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84361"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672388",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672388"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-3023",
"datePublished": "2018-05-24T21:00:00",
"dateReserved": "2013-04-12T00:00:00",
"dateUpdated": "2024-08-06T16:00:08.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-47143
Vulnerability from cvelistv5
Published
2024-02-02 13:03
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7105139 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/270270 | vdb-entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Tivoli Application Dependency Discovery Manager |
Version: 7.3.0.0 ≤ 7.3.0.10 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-02T19:36:36.139236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:26.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7105139"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270270"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tivoli Application Dependency Discovery Manager",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.3.0.10",
"status": "affected",
"version": "7.3.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270."
}
],
"value": "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-644",
"description": "CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T13:03:30.881Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7105139"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270270"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Application Dependency Discovery Manager HOST header injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-47143",
"datePublished": "2024-02-02T13:03:30.881Z",
"dateReserved": "2023-10-31T00:13:36.928Z",
"dateUpdated": "2024-08-02T21:01:22.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3004
Vulnerability from cvelistv5
Published
2014-07-01 18:00
Modified
2024-08-06 15:52
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrary files via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/68452 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21672395 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84145 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:52:21.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68452",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68452"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672395"
},
{
"name": "ibm-tivoli-cve20133004-dir-traversal(84145)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "68452",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68452"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672395"
},
{
"name": "ibm-tivoli-cve20133004-dir-traversal(84145)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84145"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-3004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68452",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68452"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672395",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672395"
},
{
"name": "ibm-tivoli-cve20133004-dir-traversal(84145)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84145"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-3004",
"datePublished": "2014-07-01T18:00:00",
"dateReserved": "2013-04-12T00:00:00",
"dateUpdated": "2024-08-06T15:52:21.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6148
Vulnerability from cvelistv5
Published
2014-10-31 10:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21688549 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/61785 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96918 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/70842 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549"
},
{
"name": "61785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61785"
},
{
"name": "ibm-taddm-cve20146148-info-disc(96918)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96918"
},
{
"name": "70842",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70842"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549"
},
{
"name": "61785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61785"
},
{
"name": "ibm-taddm-cve20146148-info-disc(96918)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96918"
},
{
"name": "70842",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70842"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549"
},
{
"name": "61785",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61785"
},
{
"name": "ibm-taddm-cve20146148-info-disc(96918)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96918"
},
{
"name": "70842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70842"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6148",
"datePublished": "2014-10-31T10:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3018
Vulnerability from cvelistv5
Published
2018-05-24 21:00
Modified
2024-08-06 15:52
Severity ?
EPSS score ?
Summary
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21672403 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84354 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:52:21.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672403"
},
{
"name": "ibm-tivoli-cve20133018-info-disclosure(84354)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84354"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-24T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672403"
},
{
"name": "ibm-tivoli-cve20133018-info-disclosure(84354)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84354"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-3018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672403",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672403"
},
{
"name": "ibm-tivoli-cve20133018-info-disclosure(84354)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84354"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-3018",
"datePublished": "2018-05-24T21:00:00",
"dateReserved": "2013-04-12T00:00:00",
"dateUpdated": "2024-08-06T15:52:21.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5942
Vulnerability from cvelistv5
Published
2013-03-06 11:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21625935 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/80537 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:27.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625935"
},
{
"name": "IV32391",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391"
},
{
"name": "taddm-web-content-spoofing(80537)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80537"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625935"
},
{
"name": "IV32391",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391"
},
{
"name": "taddm-web-content-spoofing(80537)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80537"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-5942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625935",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625935"
},
{
"name": "IV32391",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391"
},
{
"name": "taddm-web-content-spoofing(80537)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80537"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-5942",
"datePublished": "2013-03-06T11:00:00",
"dateReserved": "2012-11-21T00:00:00",
"dateUpdated": "2024-08-06T21:21:27.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3017
Vulnerability from cvelistv5
Published
2018-07-09 18:00
Modified
2024-08-06 15:52
Severity ?
EPSS score ?
Summary
IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84353 | vdb-entry, x_refsource_XF | |
| https://www.ibm.com/blogs/psirt/ibm-security-bulletin-taddm-reject-weak-and-medium-ciphers-on-taddm-ports/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:52:21.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tivoli-cve20133017-spoofing(84353)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84353"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-taddm-reject-weak-and-medium-ciphers-on-taddm-ports/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-09T17:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tivoli-cve20133017-spoofing(84353)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84353"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-taddm-reject-weak-and-medium-ciphers-on-taddm-ports/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-3017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tivoli-cve20133017-spoofing(84353)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84353"
},
{
"name": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-taddm-reject-weak-and-medium-ciphers-on-taddm-ports/",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-taddm-reject-weak-and-medium-ciphers-on-taddm-ports/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-3017",
"datePublished": "2018-07-09T18:00:00",
"dateReserved": "2013-04-12T00:00:00",
"dateUpdated": "2024-08-06T15:52:21.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6150
Vulnerability from cvelistv5
Published
2014-10-31 10:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/61785 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21688424 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96920 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61785"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688424"
},
{
"name": "ibm-taddm-cve20146150-xss(96920)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96920"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "61785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61785"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688424"
},
{
"name": "ibm-taddm-cve20146150-xss(96920)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96920"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61785",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61785"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688424",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688424"
},
{
"name": "ibm-taddm-cve20146150-xss(96920)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96920"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6150",
"datePublished": "2014-10-31T10:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-47142
Vulnerability from cvelistv5
Published
2024-02-02 13:22
Modified
2024-09-20 18:45
Severity ?
EPSS score ?
Summary
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7105139 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/270267 | vdb-entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Tivoli Application Dependency Discovery Manager |
Version: 7.3.0.0 ≤ 7.3.0.10 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tivoli_application_dependency_discovery_manager",
"vendor": "ibm",
"versions": [
{
"lessThanOrEqual": "7.3.0.10",
"status": "affected",
"version": "7.3.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-02T15:51:57.923056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T22:42:08.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7105139"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270267"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tivoli Application Dependency Discovery Manager",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.3.0.10",
"status": "affected",
"version": "7.3.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization\u0027s local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267."
}
],
"value": "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization\u0027s local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T18:45:56.606Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7105139"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270267"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Application Dependency Discovery Manager privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-47142",
"datePublished": "2024-02-02T13:22:17.080Z",
"dateReserved": "2023-10-31T00:13:19.930Z",
"dateUpdated": "2024-09-20T18:45:56.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8926
Vulnerability from cvelistv5
Published
2017-04-14 16:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM Corporation | Tivoli Application Dependency Discovery Manager |
Version: 7.2 Version: 7.2.1 Version: 7.2.2 Version: 7.1.2 Version: 7.3 Version: 7.2.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Application Dependency Discovery Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.2.0"
}
]
}
],
"datePublic": "2017-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-14T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Application Dependency Discovery Manager",
"version": {
"version_data": [
{
"version_value": "7.2"
},
{
"version_value": "7.2.1"
},
{
"version_value": "7.2.2"
},
{
"version_value": "7.1.2"
},
{
"version_value": "7.3"
},
{
"version_value": "7.2.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8926",
"datePublished": "2017-04-14T16:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6149
Vulnerability from cvelistv5
Published
2014-10-29 10:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21688296 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/70805 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96919 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688296"
},
{
"name": "70805",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70805"
},
{
"name": "ibm-taddm-cve20146149-directory-traversal(96919)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96919"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688296"
},
{
"name": "70805",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70805"
},
{
"name": "ibm-taddm-cve20146149-directory-traversal(96919)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96919"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688296",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688296"
},
{
"name": "70805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70805"
},
{
"name": "ibm-taddm-cve20146149-directory-traversal(96919)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96919"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6149",
"datePublished": "2014-10-29T10:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8927
Vulnerability from cvelistv5
Published
2017-04-14 16:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/97629 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM Corporation | Tivoli Application Dependency Discovery Manager |
Version: 7.2 Version: 7.2.1 Version: 7.2.2 Version: 7.1.2 Version: 7.3 Version: 7.2.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E"
},
{
"name": "97629",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Application Dependency Discovery Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.2.0"
}
]
}
],
"datePublic": "2017-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-17T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E"
},
{
"name": "97629",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97629"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Application Dependency Discovery Manager",
"version": {
"version_data": [
{
"version_value": "7.2"
},
{
"version_value": "7.2.1"
},
{
"version_value": "7.2.2"
},
{
"version_value": "7.1.2"
},
{
"version_value": "7.3"
},
{
"version_value": "7.2.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E"
},
{
"name": "97629",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97629"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8927",
"datePublished": "2017-04-14T16:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1455
Vulnerability from cvelistv5
Published
2018-08-15 15:00
Modified
2024-09-16 19:25
Severity ?
EPSS score ?
Summary
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=swg22016659 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140090 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/105135 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Tivoli Application Dependency Discovery Manager |
Version: 7.2.2 Version: 7.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22016659"
},
{
"name": "ibm-tivoli-cve20181455-csrf(140090)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140090"
},
{
"name": "105135",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Application Dependency Discovery Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.3"
}
]
}
],
"datePublic": "2018-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:L/PR:N/S:U/UI:R/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22016659"
},
{
"name": "ibm-tivoli-cve20181455-csrf(140090)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140090"
},
{
"name": "105135",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105135"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-08-13T00:00:00",
"ID": "CVE-2018-1455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Application Dependency Discovery Manager",
"version": {
"version_data": [
{
"version_value": "7.2.2"
},
{
"version_value": "7.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "N",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22016659",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22016659"
},
{
"name": "ibm-tivoli-cve20181455-csrf(140090)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140090"
},
{
"name": "105135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105135"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1455",
"datePublished": "2018-08-15T15:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T19:25:00.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1675
Vulnerability from cvelistv5
Published
2019-02-04 21:00
Modified
2024-09-17 03:14
Severity ?
EPSS score ?
Summary
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10742403 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/145110 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Tivoli Application Dependency Discovery Manager |
Version: 7.2.2 Version: 7.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10742403"
},
{
"name": "ibm-taddm-cve20181675-info-disc(145110)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145110"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Application Dependency Discovery Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.3"
}
]
}
],
"datePublic": "2018-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:C/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-04T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10742403"
},
{
"name": "ibm-taddm-cve20181675-info-disc(145110)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145110"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-11-28T00:00:00",
"ID": "CVE-2018-1675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Application Dependency Discovery Manager",
"version": {
"version_data": [
{
"version_value": "7.2.2"
},
{
"version_value": "7.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "C",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10742403",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10742403"
},
{
"name": "ibm-taddm-cve20181675-info-disc(145110)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145110"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1675",
"datePublished": "2019-02-04T21:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T03:14:39.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2974
Vulnerability from cvelistv5
Published
2014-01-29 02:00
Modified
2024-08-06 15:52
Severity ?
EPSS score ?
Summary
The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration privileges, and consequently create or delete reports or conduct SQL injection attacks, via crafted parameters to the BIRT reporting URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21662955 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83877 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:52:21.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21662955"
},
{
"name": "ibm-taddm-cve20132974-auth(83877)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration privileges, and consequently create or delete reports or conduct SQL injection attacks, via crafted parameters to the BIRT reporting URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21662955"
},
{
"name": "ibm-taddm-cve20132974-auth(83877)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83877"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-2974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration privileges, and consequently create or delete reports or conduct SQL injection attacks, via crafted parameters to the BIRT reporting URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21662955",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21662955"
},
{
"name": "ibm-taddm-cve20132974-auth(83877)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83877"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-2974",
"datePublished": "2014-01-29T02:00:00",
"dateReserved": "2013-04-12T00:00:00",
"dateUpdated": "2024-08-06T15:52:21.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4040
Vulnerability from cvelistv5
Published
2018-05-01 18:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www-01.ibm.com/support/docview.wss?uid=swg21672253 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86176 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21672253"
},
{
"name": "ibm-tivoli-cve20134040-info-disc(86176)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-01T17:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21672253"
},
{
"name": "ibm-tivoli-cve20134040-info-disc(86176)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21672253",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21672253"
},
{
"name": "ibm-tivoli-cve20134040-info-disc(86176)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4040",
"datePublished": "2018-05-01T18:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8925
Vulnerability from cvelistv5
Published
2017-04-14 16:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97625 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM Corporation | Tivoli Application Dependency Discovery Manager |
Version: 7.2 Version: 7.2.1 Version: 7.2.2 Version: 7.1.2 Version: 7.3 Version: 7.2.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97625",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97625"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Application Dependency Discovery Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.2.0"
}
]
}
],
"datePublic": "2017-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-17T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "97625",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97625"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Application Dependency Discovery Manager",
"version": {
"version_data": [
{
"version_value": "7.2"
},
{
"version_value": "7.2.1"
},
{
"version_value": "7.2.2"
},
{
"version_value": "7.1.2"
},
{
"version_value": "7.3"
},
{
"version_value": "7.2.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97625"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001579\u0026myns=swgtiv\u0026mynp=OCSSPLFC\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSPLFC-_-E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8925",
"datePublished": "2017-04-14T16:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}