Page 2 of 7187 results (0.002 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7174576 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7174572 • CWE-208: Observable Timing Discrepancy •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques. • https://www.ibm.com/support/pages/node/7174572 • CWE-598: Use of GET Request Method With Sensitive Query Strings •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP. • https://www.ibm.com/support/pages/node/7174183 • CWE-798: Use of Hard-coded Credentials •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. • https://www.ibm.com/support/pages/node/1144438 • CWE-352: Cross-Site Request Forgery (CSRF) •