
CVSS: 8.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622.

• http://www.securityfocus.com/bid/104956
• https://exchange.xforce.ibmcloud.com/vulnerabilities/143622
• https://www.ibm.com/support/docview.wss?uid=isg3T1027819

CVSS: 10.0 | EPSS: 6% | CPEs: 3 | EXPL: 0

An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Platform Symphony DE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SoamGui servlet. The servlet uses a fixed username and password which allows a malicious user to execute commands remotely in the context of the process.

• http://www-01.ibm.com/support/docview.wss?uid=isg3T1020564
• https://exchange.xforce.ibmcloud.com/vulnerabilities/87296
• CWE-255: Credentials Management Errors

CVSS: 6.8 | EPSS: 87% | CPEs: 3 | EXPL: 0

Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (process crash or hang) via a malformed SOAP request with a large amount of request data.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Platform Symphony DE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the way SOAP requests are handled. A malformed SOAP request would overwrite a statically sized buffer that could allow remote code execution in the context of the process.

• http://www-01.ibm.com/support/docview.wss?uid=isg3T1020072
• http://www.securityfocus.com/bid/63517
• https://exchange.xforce.ibmcloud.com/vulnerabilities/87109
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer