Skip to main content
CVE-2015-2026 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

IBM XSS CSRF Websphere Extreme Scale
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2015-2030 MEDIUM PATCH This Month

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Extreme Scale
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-1934 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Change And Configuration Management Database Maximo Asset Management Maximo Asset Management Essentials +10
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-2025 MEDIUM PATCH This Month

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Extreme Scale
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2029 MEDIUM PATCH This Month

Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM Information Disclosure Websphere Extreme Scale
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-2028 MEDIUM PATCH This Month

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM Code Injection Websphere Extreme Scale
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy