Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2012-2159 (GCVE-0-2012-2159)
Vulnerability from cvelistv5 – Published: 2012-06-20 10:00 – Updated: 2024-08-06 19:26
VLAI?
EPSS
Summary
Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598423"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21596690"
},
{
"name": "iehs-multiple-open-redirect(74832)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74832"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598423"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21596690"
},
{
"name": "iehs-multiple-open-redirect(74832)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74832"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21598423",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598423"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21596690",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21596690"
},
{
"name": "iehs-multiple-open-redirect(74832)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74832"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-2159",
"datePublished": "2012-06-20T10:00:00",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:26:08.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:security_appscan_source:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2A8F522-B785-4C9D-B133-D895B8A5D0E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:security_appscan_source:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3EC310D-7C7F-4B5A-AFFC-58A38B67A0CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:security_appscan_source:8.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66B37DEF-109F-4769-901C-DD8B33DEA054\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:security_appscan_source:8.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3FA1883D-1576-43B9-904A-536C0C249112\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:security_appscan_source:8.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6990B7A5-3C72-494B-A512-23E508B71CE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:security_appscan_source:8.5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBE84BDC-3AC4-4BD2-9BF8-3C6C5E1DCF56\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:spss_data_collection:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED735680-3700-4744-857C-EA2F005D89E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:spss_data_collection:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"673496DB-11BB-4FEB-9772-175F5D45859F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de redirecci\\u00f3n abierta en IBM Eclipse Help System (IEHS), tal como se utiliza en IBM Security AppScan Fuente v7.x y v8.x anterior a v8,6 y IBM SPSS Data Collection Developer Library v6.0 y v6.0.1 , permite a atacantes remotos redirigir a los usuarios a la web arbitraria sitios y llevar a cabo ataques de phishing a trav\\u00e9s de vectores no especificados.\"}]",
"id": "CVE-2012-2159",
"lastModified": "2024-11-21T01:38:37.240",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2012-06-20T10:27:28.193",
"references": "[{\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg21596690\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg21598423\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/74832\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg21596690\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg21598423\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/74832\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2012-2159\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2012-06-20T10:27:28.193\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de redirecci\u00f3n abierta en IBM Eclipse Help System (IEHS), tal como se utiliza en IBM Security AppScan Fuente v7.x y v8.x anterior a v8,6 y IBM SPSS Data Collection Developer Library v6.0 y v6.0.1 , permite a atacantes remotos redirigir a los usuarios a la web arbitraria sitios y llevar a cabo ataques de phishing a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_appscan_source:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2A8F522-B785-4C9D-B133-D895B8A5D0E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_appscan_source:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3EC310D-7C7F-4B5A-AFFC-58A38B67A0CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_appscan_source:8.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66B37DEF-109F-4769-901C-DD8B33DEA054\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_appscan_source:8.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FA1883D-1576-43B9-904A-536C0C249112\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_appscan_source:8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6990B7A5-3C72-494B-A512-23E508B71CE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_appscan_source:8.5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBE84BDC-3AC4-4BD2-9BF8-3C6C5E1DCF56\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:spss_data_collection:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED735680-3700-4744-857C-EA2F005D89E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:spss_data_collection:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"673496DB-11BB-4FEB-9772-175F5D45859F\"}]}]}],\"references\":[{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg21596690\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg21598423\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/74832\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg21596690\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg21598423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/74832\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTA-2012-AVI-521
Vulnerability from certfr_avis - Published: - Updated:
Deux vulnérabilités ont été corrigées dans IBM Eclipse Help System. Elles concernent des injections de code indirecte à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM Eclipse Help System 1.5.3 et antérieures.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eIBM Eclipse Help System 1.5.3 et ant\u00e9rieures.\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21611417 du 18 septembre 2012 :",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21611417"
}
],
"reference": "CERTA-2012-AVI-521",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nEclipse Help System\u003c/span\u003e. Elles concernent des injections de code\nindirecte \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans IBM Eclipse Help System",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 swg21611417 du 18 septembre 2012",
"url": null
}
]
}
CERTA-2012-AVI-521
Vulnerability from certfr_avis - Published: - Updated:
Deux vulnérabilités ont été corrigées dans IBM Eclipse Help System. Elles concernent des injections de code indirecte à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM Eclipse Help System 1.5.3 et antérieures.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eIBM Eclipse Help System 1.5.3 et ant\u00e9rieures.\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21611417 du 18 septembre 2012 :",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21611417"
}
],
"reference": "CERTA-2012-AVI-521",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nEclipse Help System\u003c/span\u003e. Elles concernent des injections de code\nindirecte \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans IBM Eclipse Help System",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 swg21611417 du 18 septembre 2012",
"url": null
}
]
}
CERTA-2012-AVI-598
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité de type injection de code indirecte à distance a été corrigée dans IBM DB2.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | IBM DB2 DataQuant for z/OS versions 1.2.15 et précédentes | ||
| IBM | Db2 | IBM DB2 DataQuant for Multiplatforms versions 1.2.15 et précédentes | ||
| IBM | Db2 | IBM DB2 QMF for WebSphere versions 10.1.5 et précédentes | ||
| IBM | Db2 | IBM DB2 QMF for Worsktation versions 10.1.5 et précédentes |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM DB2 DataQuant for z/OS versions 1.2.15 et pr\u00e9c\u00e9dentes",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DB2 DataQuant for Multiplatforms versions 1.2.15 et pr\u00e9c\u00e9dentes",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DB2 QMF for WebSphere versions 10.1.5 et pr\u00e9c\u00e9dentes",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DB2 QMF for Worsktation versions 10.1.5 et pr\u00e9c\u00e9dentes",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
}
],
"links": [
{
"title": "R\u00e9f\u00e9rence CVE-2012-2159 :",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2159"
}
],
"reference": "CERTA-2012-AVI-598",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-10-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 de type injection de code indirecte \u00e0 distance a \u00e9t\u00e9\ncorrig\u00e9e dans IBM DB2.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans IBM DataQuant et IBM DB2",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21614444 du 19 octobre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614444"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21614445 du 19 octobre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614445"
}
]
}
CERTA-2012-AVI-668
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM InfoSphere Discovery. Certaines d'entre elles permettent à un attaquant d'injecter du code indirecte à distance ( XSS ).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM InfoSphere Discovery version 4.5.1 pour Information Integration Workgroup Edition | ||
| IBM | N/A | IBM InfoSphere Discovery version 4.5.1 pour Information Integration | ||
| IBM | N/A | IBM InfoSphere Discovery Information Center version 4.5.1 | ||
| IBM | N/A | IBM InfoSphere Discovery version 4.5.1 pour z/OS |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM InfoSphere Discovery version 4.5.1 pour Information Integration Workgroup Edition",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Discovery version 4.5.1 pour Information Integration",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Discovery Information Center version 4.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Discovery version 4.5.1 pour z/OS",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2012-AVI-668",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-11-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM InfoSphere Discovery\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant d\u0027injecter du code indirecte \u00e0 distance ( XSS\n).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM InfoSphere Discovery",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21617872 du 19 novembre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21617872"
}
]
}
CERTA-2013-AVI-082
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM InfoSphere Information Server. Certaines d'entre elles permettent à un attaquant d'exécuter du code arbitraire au moyen d'un fichier DLL spécialement conçu.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM InfoSphere Information Server version 8.7",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Information Server version 8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Information Server version 8.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0702",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0702"
},
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-0701",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0701"
},
{
"name": "CVE-2012-4832",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4832"
},
{
"name": "CVE-2012-0705",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0705"
},
{
"name": "CVE-2012-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0205"
},
{
"name": "CVE-2012-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0703"
},
{
"name": "CVE-2012-0700",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0700"
},
{
"name": "CVE-2012-4819",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4819"
},
{
"name": "CVE-2012-0501",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0501"
},
{
"name": "CVE-2012-0203",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0203"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
},
{
"name": "CVE-2012-0204",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0204"
}
],
"links": [],
"reference": "CERTA-2013-AVI-082",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-01-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM InfoSphere Information Server\u003c/span\u003e. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant d\u0027ex\u00e9cuter du code arbitraire au\nmoyen d\u0027un fichier DLL sp\u00e9cialement con\u00e7u.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM InfoSphere Information Server Suite",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21623501 du 25 janvier 2013",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"
}
]
}
CERTA-2012-AVI-534
Vulnerability from certfr_avis - Published: - Updated:
Deux vulnérabilités ont été corrigées dans IBM Rational Change. Elles concernent des injections de codes indirectes à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM Rational Change version 5.3.0.4
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eIBM Rational Change version 5.3.0.4\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2012-AVI-534",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-09-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nRational Change\u003c/span\u003e. Elles concernent des injections de codes\nindirectes \u00e0 distance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9s dans IBM Rational Change",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21612273 du 26 septembre",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612273"
}
]
}
CERTA-2013-AVI-140
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM Data Studio Help System. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM Data Studio Help System versions antérieures à 3.2
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eIBM Data Studio Help System versions ant\u00e9rieures \u00e0 3.2\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2013-0467",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0467"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2013-AVI-140",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM Data Studio Help System\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nune injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Data Studio Help System",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21625573 du 15 f\u00e9vrier 2013",
"url": "https://www.ibm.com/support/docview.wss?uid=swg21625573"
}
]
}
CERTA-2012-AVI-537
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM Rational Synergy. Certaines d'entre elles permettent une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Versions ant\u00e9rieures \u00e0 Rational Synergy 7.2.0.3 pour la branche 7.2.0.X",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 Rational Synergy 7.1.0.6 pour la branche 7.1.0.X",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0500",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0500"
},
{
"name": "CVE-2012-0502",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0502"
},
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-0507",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0507"
},
{
"name": "CVE-2012-0505",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0505"
},
{
"name": "CVE-2012-0499",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0499"
},
{
"name": "CVE-2012-5035",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5035"
},
{
"name": "CVE-2012-0506",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0506"
},
{
"name": "CVE-2012-0503",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0503"
},
{
"name": "CVE-2011-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3563"
},
{
"name": "CVE-2011-4461",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4461"
},
{
"name": "CVE-2012-0497",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0497"
},
{
"name": "CVE-2012-0501",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0501"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
},
{
"name": "CVE-2011-5035",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5035"
},
{
"name": "CVE-2012-0498",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0498"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21612331 du 27 septembre 2012 :",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612331"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21612332 du 27 septembre 2012 :",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612332"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21612333 du 27 septembre 2012 :",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612333"
}
],
"reference": "CERTA-2012-AVI-537",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-10-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM Rational Synergy\u003c/span\u003e. Certaines d\u0027entre elles\npermettent une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Rational Synergy",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 IBM swg21612331 swg21612332 swg21612333 du 27 septembre 2012",
"url": null
}
]
}
CERTA-2012-AVI-598
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité de type injection de code indirecte à distance a été corrigée dans IBM DB2.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | IBM DB2 DataQuant for z/OS versions 1.2.15 et précédentes | ||
| IBM | Db2 | IBM DB2 DataQuant for Multiplatforms versions 1.2.15 et précédentes | ||
| IBM | Db2 | IBM DB2 QMF for WebSphere versions 10.1.5 et précédentes | ||
| IBM | Db2 | IBM DB2 QMF for Worsktation versions 10.1.5 et précédentes |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM DB2 DataQuant for z/OS versions 1.2.15 et pr\u00e9c\u00e9dentes",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DB2 DataQuant for Multiplatforms versions 1.2.15 et pr\u00e9c\u00e9dentes",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DB2 QMF for WebSphere versions 10.1.5 et pr\u00e9c\u00e9dentes",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM DB2 QMF for Worsktation versions 10.1.5 et pr\u00e9c\u00e9dentes",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
}
],
"links": [
{
"title": "R\u00e9f\u00e9rence CVE-2012-2159 :",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2159"
}
],
"reference": "CERTA-2012-AVI-598",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-10-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 de type injection de code indirecte \u00e0 distance a \u00e9t\u00e9\ncorrig\u00e9e dans IBM DB2.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans IBM DataQuant et IBM DB2",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21614444 du 19 octobre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614444"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21614445 du 19 octobre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614445"
}
]
}
CERTA-2012-AVI-391
Vulnerability from certfr_avis - Published: - Updated:
Deux vulnérabilités ont été corrigées dans IBM WebSphere. Elles affectent toutes les deux le composant IEHS (IBM Eclipse Help System). La première concerne une injection de code indirecte à distance (XSS) et la deuxième est une redirection d'URL.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | IBM WebSphere Operanital Decision Management version 7.5.0.0 à 8.0.0.0 ; | ||
| IBM | WebSphere | IBM WebSphere ILOG Rules pour Cobol version 7.0.0 à 7.1.4 ; | ||
| IBM | WebSphere | IBM WebSphere ILOG Rules pour z/OS version 7.0.0 à 7.1.4. | ||
| IBM | WebSphere | IBM WebSphere ILOG JRules version 7.0.0 à 7.1.1.4 ; |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM WebSphere Operanital Decision Management version 7.5.0.0 \u00e0 8.0.0.0 ;",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere ILOG Rules pour Cobol version 7.0.0 \u00e0 7.1.4 ;",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere ILOG Rules pour z/OS version 7.0.0 \u00e0 7.1.4.",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere ILOG JRules version 7.0.0 \u00e0 7.1.1.4 ;",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM ISS X-Force 74833 du 08 juin 2012 :",
"url": "http://xforce.iss.net/xforce/xfdb/74833"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM ISS X-Force 74832 du 08 juin 2012 :",
"url": "http://xforce.iss.net/xforce/xfdb/74832"
}
],
"reference": "CERTA-2012-AVI-391",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nWebSphere\u003c/span\u003e. Elles affectent toutes les deux le composant IEHS (IBM\nEclipse Help System). La premi\u00e8re concerne une injection de code\nindirecte \u00e0 distance (XSS) et la deuxi\u00e8me est une redirection d\u0027URL.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans IBM WebSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21600616 du 05 juillet 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600616"
}
]
}
CERTA-2012-AVI-537
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM Rational Synergy. Certaines d'entre elles permettent une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Versions ant\u00e9rieures \u00e0 Rational Synergy 7.2.0.3 pour la branche 7.2.0.X",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 Rational Synergy 7.1.0.6 pour la branche 7.1.0.X",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0500",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0500"
},
{
"name": "CVE-2012-0502",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0502"
},
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-0507",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0507"
},
{
"name": "CVE-2012-0505",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0505"
},
{
"name": "CVE-2012-0499",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0499"
},
{
"name": "CVE-2012-5035",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5035"
},
{
"name": "CVE-2012-0506",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0506"
},
{
"name": "CVE-2012-0503",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0503"
},
{
"name": "CVE-2011-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3563"
},
{
"name": "CVE-2011-4461",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4461"
},
{
"name": "CVE-2012-0497",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0497"
},
{
"name": "CVE-2012-0501",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0501"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
},
{
"name": "CVE-2011-5035",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5035"
},
{
"name": "CVE-2012-0498",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0498"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21612331 du 27 septembre 2012 :",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612331"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21612332 du 27 septembre 2012 :",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612332"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21612333 du 27 septembre 2012 :",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612333"
}
],
"reference": "CERTA-2012-AVI-537",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-10-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM Rational Synergy\u003c/span\u003e. Certaines d\u0027entre elles\npermettent une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Rational Synergy",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 IBM swg21612331 swg21612332 swg21612333 du 27 septembre 2012",
"url": null
}
]
}
CERTA-2012-AVI-668
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM InfoSphere Discovery. Certaines d'entre elles permettent à un attaquant d'injecter du code indirecte à distance ( XSS ).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM InfoSphere Discovery version 4.5.1 pour Information Integration Workgroup Edition | ||
| IBM | N/A | IBM InfoSphere Discovery version 4.5.1 pour Information Integration | ||
| IBM | N/A | IBM InfoSphere Discovery Information Center version 4.5.1 | ||
| IBM | N/A | IBM InfoSphere Discovery version 4.5.1 pour z/OS |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM InfoSphere Discovery version 4.5.1 pour Information Integration Workgroup Edition",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Discovery version 4.5.1 pour Information Integration",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Discovery Information Center version 4.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Discovery version 4.5.1 pour z/OS",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2012-AVI-668",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-11-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM InfoSphere Discovery\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant d\u0027injecter du code indirecte \u00e0 distance ( XSS\n).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM InfoSphere Discovery",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21617872 du 19 novembre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21617872"
}
]
}
CERTA-2013-AVI-139
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits IBM . Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Tivoli | IBM Tivoli Service Request Manager versions 7.2, 7.1, et 6.2 | ||
| IBM | N/A | IBM Maximo Asset Management versions 7.5, 7.1, et 6.2 | ||
| IBM | Tivoli | IBM Tivoli Change and Configuration Management Database versions 7.2 et 7.1 | ||
| IBM | Tivoli | IBM Tivoli Asset Management IT versions 7.2, 7.1, et 6.2 | ||
| IBM | N/A | IBM Maximo Asset Management Essentials versions 7.5, 7.1, et 6.2 | ||
| IBM | N/A | IBM SmartCloud Control Desk version 7.5 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Tivoli Service Request Manager versions 7.2, 7.1, et 6.2",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Maximo Asset Management versions 7.5, 7.1, et 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli Change and Configuration Management Database versions 7.2 et 7.1",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli Asset Management IT versions 7.2, 7.1, et 6.2",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Maximo Asset Management Essentials versions 7.5, 7.1, et 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM SmartCloud Control Desk version 7.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3316"
},
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-3322",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3322"
},
{
"name": "CVE-2012-6355",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6355"
},
{
"name": "CVE-2012-3321",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3321"
},
{
"name": "CVE-2012-3327",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3327"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
},
{
"name": "CVE-2012-6356",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6356"
},
{
"name": "CVE-2013-0457",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0457"
},
{
"name": "CVE-2012-6357",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6357"
},
{
"name": "CVE-2012-3328",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3328"
}
],
"links": [],
"reference": "CERTA-2013-AVI-139",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e . Elles permettent \u00e0 un attaquant\nde provoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21625624 du 15 f\u00e9vrier 2013",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
}
]
}
CERTA-2012-AVI-391
Vulnerability from certfr_avis - Published: - Updated:
Deux vulnérabilités ont été corrigées dans IBM WebSphere. Elles affectent toutes les deux le composant IEHS (IBM Eclipse Help System). La première concerne une injection de code indirecte à distance (XSS) et la deuxième est une redirection d'URL.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | IBM WebSphere Operanital Decision Management version 7.5.0.0 à 8.0.0.0 ; | ||
| IBM | WebSphere | IBM WebSphere ILOG Rules pour Cobol version 7.0.0 à 7.1.4 ; | ||
| IBM | WebSphere | IBM WebSphere ILOG Rules pour z/OS version 7.0.0 à 7.1.4. | ||
| IBM | WebSphere | IBM WebSphere ILOG JRules version 7.0.0 à 7.1.1.4 ; |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM WebSphere Operanital Decision Management version 7.5.0.0 \u00e0 8.0.0.0 ;",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere ILOG Rules pour Cobol version 7.0.0 \u00e0 7.1.4 ;",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere ILOG Rules pour z/OS version 7.0.0 \u00e0 7.1.4.",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere ILOG JRules version 7.0.0 \u00e0 7.1.1.4 ;",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM ISS X-Force 74833 du 08 juin 2012 :",
"url": "http://xforce.iss.net/xforce/xfdb/74833"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM ISS X-Force 74832 du 08 juin 2012 :",
"url": "http://xforce.iss.net/xforce/xfdb/74832"
}
],
"reference": "CERTA-2012-AVI-391",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nWebSphere\u003c/span\u003e. Elles affectent toutes les deux le composant IEHS (IBM\nEclipse Help System). La premi\u00e8re concerne une injection de code\nindirecte \u00e0 distance (XSS) et la deuxi\u00e8me est une redirection d\u0027URL.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans IBM WebSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21600616 du 05 juillet 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600616"
}
]
}
CERTA-2012-AVI-606
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM InfoSphere. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS) dans le système d'aide de IBM Eclipse ( IEHS ) et une redirection vers un site arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM InfoSphere Streams Information Center version 2.0.0.3 et version 2.0.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Streams Studio version 2.0 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
}
],
"links": [],
"reference": "CERTA-2012-AVI-606",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-10-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM InfoSphere\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS) dans le\nsyst\u00e8me d\u0027aide de \u003cspan class=\"textit\"\u003eIBM Eclipse\u003c/span\u003e ( IEHS ) et\nune redirection vers un site arbitraire.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM InfoSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21615067 du 25 octobre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615067"
}
]
}
CERTA-2013-AVI-140
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM Data Studio Help System. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM Data Studio Help System versions antérieures à 3.2
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eIBM Data Studio Help System versions ant\u00e9rieures \u00e0 3.2\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2013-0467",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0467"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2013-AVI-140",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM Data Studio Help System\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nune injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Data Studio Help System",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21625573 du 15 f\u00e9vrier 2013",
"url": "https://www.ibm.com/support/docview.wss?uid=swg21625573"
}
]
}
CERTA-2013-AVI-082
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM InfoSphere Information Server. Certaines d'entre elles permettent à un attaquant d'exécuter du code arbitraire au moyen d'un fichier DLL spécialement conçu.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM InfoSphere Information Server version 8.7",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Information Server version 8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Information Server version 8.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0702",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0702"
},
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-0701",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0701"
},
{
"name": "CVE-2012-4832",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4832"
},
{
"name": "CVE-2012-0705",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0705"
},
{
"name": "CVE-2012-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0205"
},
{
"name": "CVE-2012-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0703"
},
{
"name": "CVE-2012-0700",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0700"
},
{
"name": "CVE-2012-4819",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4819"
},
{
"name": "CVE-2012-0501",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0501"
},
{
"name": "CVE-2012-0203",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0203"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
},
{
"name": "CVE-2012-0204",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0204"
}
],
"links": [],
"reference": "CERTA-2013-AVI-082",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-01-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM InfoSphere Information Server\u003c/span\u003e. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant d\u0027ex\u00e9cuter du code arbitraire au\nmoyen d\u0027un fichier DLL sp\u00e9cialement con\u00e7u.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM InfoSphere Information Server Suite",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21623501 du 25 janvier 2013",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"
}
]
}
CERTA-2012-AVI-606
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM InfoSphere. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS) dans le système d'aide de IBM Eclipse ( IEHS ) et une redirection vers un site arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM InfoSphere Streams Information Center version 2.0.0.3 et version 2.0.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Streams Studio version 2.0 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
}
],
"links": [],
"reference": "CERTA-2012-AVI-606",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-10-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM InfoSphere\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS) dans le\nsyst\u00e8me d\u0027aide de \u003cspan class=\"textit\"\u003eIBM Eclipse\u003c/span\u003e ( IEHS ) et\nune redirection vers un site arbitraire.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM InfoSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21615067 du 25 octobre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615067"
}
]
}
CERTA-2013-AVI-139
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits IBM . Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Tivoli | IBM Tivoli Service Request Manager versions 7.2, 7.1, et 6.2 | ||
| IBM | N/A | IBM Maximo Asset Management versions 7.5, 7.1, et 6.2 | ||
| IBM | Tivoli | IBM Tivoli Change and Configuration Management Database versions 7.2 et 7.1 | ||
| IBM | Tivoli | IBM Tivoli Asset Management IT versions 7.2, 7.1, et 6.2 | ||
| IBM | N/A | IBM Maximo Asset Management Essentials versions 7.5, 7.1, et 6.2 | ||
| IBM | N/A | IBM SmartCloud Control Desk version 7.5 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Tivoli Service Request Manager versions 7.2, 7.1, et 6.2",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Maximo Asset Management versions 7.5, 7.1, et 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli Change and Configuration Management Database versions 7.2 et 7.1",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli Asset Management IT versions 7.2, 7.1, et 6.2",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Maximo Asset Management Essentials versions 7.5, 7.1, et 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM SmartCloud Control Desk version 7.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3316"
},
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-3322",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3322"
},
{
"name": "CVE-2012-6355",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6355"
},
{
"name": "CVE-2012-3321",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3321"
},
{
"name": "CVE-2012-3327",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3327"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
},
{
"name": "CVE-2012-6356",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6356"
},
{
"name": "CVE-2013-0457",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0457"
},
{
"name": "CVE-2012-6357",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6357"
},
{
"name": "CVE-2012-3328",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3328"
}
],
"links": [],
"reference": "CERTA-2013-AVI-139",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e . Elles permettent \u00e0 un attaquant\nde provoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21625624 du 15 f\u00e9vrier 2013",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
}
]
}
CERTA-2012-AVI-735
Vulnerability from certfr_avis - Published: - Updated:
Trois vulnérabilités ont été corrigées dans IBM Rational Publishing Engine (RPE). La première concerne le composant Java Runtime Environment. La seconde permet de rediriger la navigation Web d'un utilisateur vers un site illégitime. La dernière affecte le système d'aide et peut mener un utilisateur malintentionné à effectuer des injections de codes indirectes à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Rational Publishing Engine 1.1.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Publishing Engine 1.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Publishing Engine 1.1.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Publishing Engine 1.1.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-0501",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0501"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2012-AVI-735",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Trois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nRational Publishing Engine\u003c/span\u003e (RPE). La premi\u00e8re concerne le\ncomposant \u003cspan class=\"textit\"\u003eJava Runtime Environment\u003c/span\u003e. La\nseconde permet de rediriger la navigation Web d\u0027un utilisateur vers un\nsite ill\u00e9gitime. La derni\u00e8re affecte le syst\u00e8me d\u0027aide et peut mener un\nutilisateur malintentionn\u00e9 \u00e0 effectuer des injections de codes\nindirectes \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Rational Publishing Engine",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21617746 du 12 d\u00e9cembre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21617746"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21619410 du 12 d\u00e9cembre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21619410"
}
]
}
CERTA-2012-AVI-534
Vulnerability from certfr_avis - Published: - Updated:
Deux vulnérabilités ont été corrigées dans IBM Rational Change. Elles concernent des injections de codes indirectes à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM Rational Change version 5.3.0.4
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eIBM Rational Change version 5.3.0.4\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2012-AVI-534",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-09-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nRational Change\u003c/span\u003e. Elles concernent des injections de codes\nindirectes \u00e0 distance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9s dans IBM Rational Change",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21612273 du 26 septembre",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612273"
}
]
}
CERTA-2012-AVI-735
Vulnerability from certfr_avis - Published: - Updated:
Trois vulnérabilités ont été corrigées dans IBM Rational Publishing Engine (RPE). La première concerne le composant Java Runtime Environment. La seconde permet de rediriger la navigation Web d'un utilisateur vers un site illégitime. La dernière affecte le système d'aide et peut mener un utilisateur malintentionné à effectuer des injections de codes indirectes à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Rational Publishing Engine 1.1.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Publishing Engine 1.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Publishing Engine 1.1.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Publishing Engine 1.1.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-0501",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0501"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2012-AVI-735",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Trois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nRational Publishing Engine\u003c/span\u003e (RPE). La premi\u00e8re concerne le\ncomposant \u003cspan class=\"textit\"\u003eJava Runtime Environment\u003c/span\u003e. La\nseconde permet de rediriger la navigation Web d\u0027un utilisateur vers un\nsite ill\u00e9gitime. La derni\u00e8re affecte le syst\u00e8me d\u0027aide et peut mener un\nutilisateur malintentionn\u00e9 \u00e0 effectuer des injections de codes\nindirectes \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Rational Publishing Engine",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21617746 du 12 d\u00e9cembre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21617746"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21619410 du 12 d\u00e9cembre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21619410"
}
]
}
FKIE_CVE-2012-2159
Vulnerability from fkie_nvd - Published: 2012-06-20 10:27 - Updated: 2025-04-11 00:51
Severity ?
Summary
Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_appscan_source | 7.0 | |
| ibm | security_appscan_source | 8.0 | |
| ibm | security_appscan_source | 8.0.0.1 | |
| ibm | security_appscan_source | 8.0.0.2 | |
| ibm | security_appscan_source | 8.5 | |
| ibm | security_appscan_source | 8.5.0.1 | |
| ibm | spss_data_collection | 6.0 | |
| ibm | spss_data_collection | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8F522-B785-4C9D-B133-D895B8A5D0E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3EC310D-7C7F-4B5A-AFFC-58A38B67A0CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66B37DEF-109F-4769-901C-DD8B33DEA054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA1883D-1576-43B9-904A-536C0C249112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6990B7A5-3C72-494B-A512-23E508B71CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE84BDC-3AC4-4BD2-9BF8-3C6C5E1DCF56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spss_data_collection:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED735680-3700-4744-857C-EA2F005D89E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:spss_data_collection:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "673496DB-11BB-4FEB-9772-175F5D45859F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en IBM Eclipse Help System (IEHS), tal como se utiliza en IBM Security AppScan Fuente v7.x y v8.x anterior a v8,6 y IBM SPSS Data Collection Developer Library v6.0 y v6.0.1 , permite a atacantes remotos redirigir a los usuarios a la web arbitraria sitios y llevar a cabo ataques de phishing a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-2159",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-06-20T10:27:28.193",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21596690"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598423"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21596690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74832"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2012-2159
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2012-2159",
"description": "Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.",
"id": "GSD-2012-2159"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2012-2159"
],
"details": "Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.",
"id": "GSD-2012-2159",
"modified": "2023-12-13T01:20:16.355211Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21598423",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598423"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21596690",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21596690"
},
{
"name": "iehs-multiple-open-redirect(74832)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74832"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ibm:security_appscan_source:8.0.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:security_appscan_source:8.0.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:security_appscan_source:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:security_appscan_source:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:security_appscan_source:8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:security_appscan_source:8.5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ibm:spss_data_collection:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:spss_data_collection:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2159"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21598423",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598423"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21596690",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21596690"
},
{
"name": "iehs-multiple-open-redirect(74832)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74832"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2017-08-29T01:31Z",
"publishedDate": "2012-06-20T10:27Z"
}
}
}
GHSA-W2FG-WG6F-HGQG
Vulnerability from github – Published: 2022-05-17 01:46 – Updated: 2022-05-17 01:46
VLAI?
Details
Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2012-2159"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-06-20T10:27:00Z",
"severity": "MODERATE"
},
"details": "Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.",
"id": "GHSA-w2fg-wg6f-hgqg",
"modified": "2022-05-17T01:46:35Z",
"published": "2022-05-17T01:46:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2159"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74832"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21596690"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598423"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…