Search Results | AttackerKB

Show filters

Topics 10 Users 9,733

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

10 Total Results

Displaying 1-10 of 10

Attacker Value

Unknown

CVE-2016-2861

Disclosure Date: July 02, 2016 (last updated November 25, 2024)

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

0

Attacker Value

Unknown

CVE-2016-0400

Disclosure Date: July 02, 2016 (last updated November 25, 2024)

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

0

Attacker Value

Unknown

CVE-2015-2031

Disclosure Date: October 04, 2015 (last updated October 05, 2023)

Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

0

Attacker Value

Unknown

CVE-2015-2025

Disclosure Date: October 04, 2015 (last updated October 05, 2023)

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

0

Attacker Value

Unknown

CVE-2015-2027

Disclosure Date: October 04, 2015 (last updated October 05, 2023)

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

0

Attacker Value

Unknown

CVE-2015-2026

Disclosure Date: October 04, 2015 (last updated October 05, 2023)

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

0

Attacker Value

Unknown

CVE-2015-2029

Disclosure Date: October 04, 2015 (last updated October 05, 2023)

Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier.

0

Attacker Value

Unknown

CVE-2015-2028

Disclosure Date: October 04, 2015 (last updated October 05, 2023)

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

0

Attacker Value

Unknown

CVE-2015-2030

Disclosure Date: October 04, 2015 (last updated October 05, 2023)

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack.

0

Attacker Value

Unknown

CVE-2013-6734

Disclosure Date: February 22, 2014 (last updated October 05, 2023)

IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container.

0