Total
13 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1107 | 1 Ibm | 1 Marketing Platform | 2023-01-30 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906. | |||||
CVE-2018-1920 | 1 Ibm | 1 Marketing Platform | 2019-10-09 | 5.5 MEDIUM | 7.1 HIGH |
IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855. | |||||
CVE-2018-1424 | 1 Ibm | 1 Marketing Platform | 2019-10-09 | 5.5 MEDIUM | 7.1 HIGH |
IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029. | |||||
CVE-2013-6311 | 1 Ibm | 1 Marketing Platform | 2017-08-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2013-6308 | 1 Ibm | 1 Marketing Platform | 2017-08-28 | 4.9 MEDIUM | N/A |
IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection. | |||||
CVE-2013-6309 | 1 Ibm | 1 Marketing Platform | 2017-08-28 | 6.0 MEDIUM | N/A |
IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection. | |||||
CVE-2013-6310 | 1 Ibm | 1 Marketing Platform | 2017-08-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-6112 | 1 Ibm | 3 Distributed Marketing, Marketing Operations, Marketing Platform | 2017-05-30 | 6.5 MEDIUM | 8.8 HIGH |
IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282. | |||||
CVE-2016-0255 | 1 Ibm | 1 Marketing Platform | 2017-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564. | |||||
CVE-2016-0228 | 1 Ibm | 1 Marketing Platform | 2017-04-21 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236. | |||||
CVE-2016-0229 | 1 Ibm | 1 Marketing Platform | 2016-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2016-0224 | 1 Ibm | 1 Marketing Platform | 2016-06-28 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2016-0233 | 1 Ibm | 1 Marketing Platform | 2016-06-28 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |