CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1704
https://notcve.org/view.php?id=CVE-2018-1704
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 146339. IBM Platform Symphony 7.1 Fix Pack 1 y 7.1.1 y IBM Spectrum Symphony 7.1.2 y 7.2.0.2 podrían permitir que un atacante remoto lleve a cabo ataques de phishing mediante un ataque de redirección abierta. • https://exchange.xforce.ibmcloud.com/vulnerabilities/146339 https://www.ibm.com/support/docview.wss?uid=ibm10719671 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1702
https://notcve.org/view.php?id=CVE-2018-1702
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 146189. IBM Platform Symphony 7.1 Fix Pack 1 y 7.1.1 y IBM Spectrum Symphony 7.1.2 y 7.2.0.2 son vulnerables a un ataque de XEE (XML External Entity) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/146189 https://www.ibm.com/support/docview.wss?uid=ibm10719659 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1705
https://notcve.org/view.php?id=CVE-2018-1705
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information. IBM X-Force ID: 146340. IBM Platform Symphony 7.1 Fix Pack 1 y 7.1.1 y IBM Spectrum Symphony 7.1.2 y 7.2.0.2 contienen una vulnerabilidad de divulgación de información que podría permitir que un atacante autenticado obtenga información altamente sensible. IBM X-Force ID: 146340. • https://exchange.xforce.ibmcloud.com/vulnerabilities/146340 https://www.ibm.com/support/docview.wss?uid=ibm10719665 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1595
https://notcve.org/view.php?id=CVE-2018-1595
IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622. IBM Spectrum Symphony y Platform Symphony 7.1.2 y 7.2.0.2 podrían permitir que un usuario autenticado ejecute comandos arbitrarios debido al manejo incorrecto de entradas proporcionadas por el usuario. IBM X-Force ID: 143622. • http://www.securityfocus.com/bid/104956 https://exchange.xforce.ibmcloud.com/vulnerabilities/143622 https://www.ibm.com/support/docview.wss?uid=isg3T1027819 •