Skip to main content

Pureapplication System

8 CVEs product

Monthly

CVE-2019-4241 HIGH PATCH This Week

IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass IBM Pureapplication System
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-4235 HIGH PATCH This Week

IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Brute Force IBM Information Disclosure Pureapplication System
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-4234 MEDIUM PATCH This Month

IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Pureapplication System
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-4225 MEDIUM PATCH This Month

IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Pureapplication System
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-4224 HIGH PATCH This Week

IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Pureapplication System
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2015-0235 CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.7%.

Memory Corruption Buffer Overflow RCE Glibc Communications Application Session Controller +16
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
86.7%
Threat
6.1
CVE-2014-6158 CRITICAL PATCH Act Now

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal RCE IBM Pureapplication System Workload Deployer
NVD
CVSS 2.0
9.0
EPSS
2.4%
CVE-2014-0960 MEDIUM This Month

IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed. Rated medium severity (CVSS 6.6). No vendor patch available.

IBM Privilege Escalation Pureapplication System
NVD
CVSS 2.0
6.6
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass IBM Pureapplication System
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Brute Force IBM Information Disclosure +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Pureapplication System
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Pureapplication System
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Pureapplication System
NVD
EPSS 87% 6.1 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.7%.

Memory Corruption Buffer Overflow RCE +18
NVD Exploit-DB
EPSS 2% CVSS 9.0
CRITICAL PATCH Act Now

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal RCE IBM +2
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed. Rated medium severity (CVSS 6.6). No vendor patch available.

IBM Privilege Escalation Pureapplication System
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy