Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ibm Subscribe
Filtered by product Campaign
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1921 1 Ibm 1 Campaign 2023-03-01 3.5 LOW 5.4 MEDIUM
IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152857.
CVE-2019-4384 1 Ibm 1 Campaign 2023-01-30 4.0 MEDIUM 4.3 MEDIUM
IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162172.
CVE-2018-1941 1 Ibm 1 Campaign 2019-10-09 4.6 MEDIUM 7.8 HIGH
IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. IBM X-Force ID: 153382.
CVE-2017-1115 1 Ibm 1 Campaign 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153.
CVE-2017-1114 1 Ibm 1 Campaign 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152.
CVE-2016-9749 1 Ibm 1 Campaign 2019-10-09 2.1 LOW 3.3 LOW
IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206.
CVE-2017-1116 1 Ibm 1 Campaign 2018-05-25 4.0 MEDIUM 4.3 MEDIUM
IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive details on the client side which could provide information useful for an authenticated user to conduct other attacks. IBM X-Force ID: 121154.
CVE-2016-0265 1 Ibm 1 Campaign 2017-02-05 3.5 LOW 5.4 MEDIUM
IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.