# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1001 | CVE-2017-3109 | 79 |  | XSS | 2017-12-09 | 2017-12-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet. |
1002 | CVE-2017-3105 | 601 |  |  | 2017-12-01 | 2017-12-14 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2. |
1003 | CVE-2017-3104 | 79 |  | XSS | 2017-12-01 | 2017-12-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2. |
1004 | CVE-2017-2886 | 787 |  | Exec Code Mem. Corr. | 2017-12-11 | 2022-06-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this vulnerability. |
1005 | CVE-2017-1760 |  |  |  | 2017-12-11 | 2019-10-03 | 3.6 | None | Local | Low | Not required | Partial | None | Partial |
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454. |
1006 | CVE-2017-1757 | 89 |  | Sql | 2017-12-20 | 2018-01-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858. |
1007 | CVE-2017-1751 | 79 |  | XSS | 2017-12-20 | 2018-01-05 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135546. |
1008 | CVE-2017-1746 | 352 |  | CSRF | 2017-12-20 | 2018-01-05 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519. |
1009 | CVE-2017-1716 | 732 |  |  | 2017-12-13 | 2019-10-03 | 2.1 | None | Local | Low | Not required | Partial | None | None |
IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638. |
1010 | CVE-2017-1698 | 200 |  | +Info | 2017-12-27 | 2018-01-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390. |
1011 | CVE-2017-1696 | 20 |  | Exec Code | 2017-12-20 | 2018-01-05 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 134178. |
1012 | CVE-2017-1694 | 319 |  |  | 2017-12-20 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
IBM Integration Bus 9.0 and 10.0 transmits user credentials in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165. |
1013 | CVE-2017-1683 | 79 |  | XSS | 2017-12-11 | 2017-12-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005. |
1014 | CVE-2017-1635 | 416 |  | Exec Code | 2017-12-13 | 2017-12-27 | 5.2 | None | Local Network | Low | ??? | Partial | Partial | Partial |
IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243. |
1015 | CVE-2017-1632 | 79 |  | XSS | 2017-12-11 | 2017-12-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178. |
1016 | CVE-2017-1631 | 352 |  | CSRF | 2017-12-20 | 2018-01-05 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140. |
1017 | CVE-2017-1613 | 200 |  | +Info | 2017-12-11 | 2017-12-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954. |
1018 | CVE-2017-1606 | 89 |  | Sql | 2017-12-11 | 2017-12-26 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926. |
1019 | CVE-2017-1600 | 79 |  | XSS | 2017-12-20 | 2018-01-03 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613. |
1020 | CVE-2017-1598 | 327 |  |  | 2017-12-20 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611. |
1021 | CVE-2017-1596 | 200 |  | +Info | 2017-12-20 | 2018-01-03 | 2.1 | None | Local | Low | Not required | Partial | None | None |
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550. |
1022 | CVE-2017-1595 | 200 |  | +Info | 2017-12-20 | 2018-01-03 | 2.1 | None | Local | Low | Not required | Partial | None | None |
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549. |
1023 | CVE-2017-1558 | 601 |  | +Info | 2017-12-13 | 2017-12-27 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548. |
1024 | CVE-2017-1550 |  |  |  | 2017-12-11 | 2019-10-03 | 4.0 | None | Remote | Low | ??? | None | Partial | None |
IBM Sterling File Gateway 2.2 could allow an authenticated user to change other users' passwords. IBM X-Force ID: 131290. |
1025 | CVE-2017-1549 | 79 |  | XSS | 2017-12-11 | 2017-12-20 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289. |
1026 | CVE-2017-1548 | 22 |  | Dir. Trav. | 2017-12-11 | 2017-12-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288. |
1027 | CVE-2017-1546 | 79 |  | XSS | 2017-12-13 | 2017-12-27 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130915. |
1028 | CVE-2017-1536 | 79 |  | XSS | 2017-12-11 | 2017-12-27 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733. |
1029 | CVE-2017-1507 | 200 |  | +Info | 2017-12-11 | 2017-12-26 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619. |
1030 | CVE-2017-1498 | 79 |  | XSS | 2017-12-07 | 2017-12-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020. |
1031 | CVE-2017-1497 | 200 |  | +Info | 2017-12-07 | 2017-12-18 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to, provided they know the directory location of the file. IBM X-Force ID: 128695. |
1032 | CVE-2017-1494 | 79 |  | XSS | 2017-12-20 | 2019-04-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692. |
1033 | CVE-2017-1487 | 200 |  | +Info | 2017-12-07 | 2017-12-18 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login IDs on the system. IBM X-Force ID: 128626. |
1034 | CVE-2017-1482 | 79 |  | XSS | 2017-12-07 | 2017-12-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128620. |
1035 | CVE-2017-1481 | 200 |  | +Info | 2017-12-07 | 2017-12-19 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. IBM X-Force ID: 128619. |
1036 | CVE-2017-1465 | 79 |  | XSS | 2017-12-07 | 2017-12-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 128464. |
1037 | CVE-2017-1433 |  |  |  | 2017-12-07 | 2019-10-03 | 4.0 | None | Remote | Low | ??? | None | None | Partial |
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803. |
1038 | CVE-2017-1423 | 200 |  | +Info | 2017-12-20 | 2018-01-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476. |
1039 | CVE-2017-1421 | 79 |  | XSS | 2017-12-13 | 2017-12-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
1040 | CVE-2017-1365 | 79 |  | XSS | 2017-12-27 | 2018-01-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126858. |
1041 | CVE-2017-1356 | 89 |  | Sql | 2017-12-07 | 2017-12-19 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683. |
1042 | CVE-2017-1355 | 200 |  | +Info | 2017-12-07 | 2017-12-19 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126682. |
1043 | CVE-2017-1354 | 79 |  | XSS | 2017-12-07 | 2017-12-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126681. |
1044 | CVE-2017-1353 | 200 |  | +Info | 2017-12-07 | 2017-12-19 | 3.5 | None | Remote | Medium | ??? | Partial | None | None |
IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 126680. |
1045 | CVE-2017-1342 | 200 |  | +Info | 2017-12-07 | 2017-12-19 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could be used to conduct further attacks. IBM X-Force ID: 126457. |
1046 | CVE-2017-1341 |  |  |  | 2017-12-07 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456. |
1047 | CVE-2017-1336 | 94 |  |  | 2017-12-07 | 2017-12-22 | 3.6 | None | Remote | High | ??? | Partial | Partial | None |
IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244. |
1048 | CVE-2017-1271 | 326 |  |  | 2017-12-07 | 2017-12-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 124746. |
1049 | CVE-2017-1270 | 384 |  |  | 2017-12-20 | 2018-01-03 | 2.1 | None | Local | Low | Not required | Partial | None | None |
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745. |
1050 | CVE-2017-1266 | 732 |  |  | 2017-12-20 | 2019-10-03 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None |
IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741. |