Skip to main content

Spectrum Symphony

6 CVEs product

Monthly

CVE-2023-24975 MEDIUM This Month

IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Spectrum Symphony
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2018-1706 MEDIUM PATCH This Month

IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Symphony
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1704 MEDIUM This Month

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Open Redirect Platform Symphony Spectrum Symphony
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1702 HIGH This Week

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Platform Symphony Spectrum Symphony
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1705 MEDIUM This Month

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Platform Symphony Spectrum Symphony
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-1595 HIGH This Week

IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Platform Symphony Spectrum Symphony
NVD
CVSS 3.0
8.8
EPSS
2.4%
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Spectrum Symphony
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Symphony
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Open Redirect Platform Symphony +1
NVD
EPSS 2% CVSS 7.1
HIGH This Week

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Platform Symphony +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Platform Symphony +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Platform Symphony +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy