CVE-2023-24975 – IBM Spectrum Symphony HOST header injection
https://notcve.org/view.php?id=CVE-2023-24975
IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input in the Host header. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 247030. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247030 https://www.ibm.com/support/pages/node/6959369 • CWE-20: Improper Input Validation
CVE-2018-1706
https://notcve.org/view.php?id=CVE-2018-1706
IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341. • http://www.ibm.com/support/docview.wss?uid=ibm10719669 https://exchange.xforce.ibmcloud.com/vulnerabilities/146341 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1704
https://notcve.org/view.php?id=CVE-2018-1704
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 146339. • https://exchange.xforce.ibmcloud.com/vulnerabilities/146339 https://www.ibm.com/support/docview.wss?uid=ibm10719671 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-1702
https://notcve.org/view.php?id=CVE-2018-1702
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 146189. • https://exchange.xforce.ibmcloud.com/vulnerabilities/146189 https://www.ibm.com/support/docview.wss?uid=ibm10719659 • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2018-1705
https://notcve.org/view.php?id=CVE-2018-1705
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information. IBM X-Force ID: 146340. • https://exchange.xforce.ibmcloud.com/vulnerabilities/146340 https://www.ibm.com/support/docview.wss?uid=ibm10719665 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor