RSS   Vulnerabilities for
'Mobilefirst platform foundation'
   RSS

2020-05-27
 
CVE-2020-4226

CWE-200
 

 
IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 175207.

 
2018-04-04
 
CVE-2017-1772

CWE-79
 

 
IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136786.

 
2017-08-01
 
CVE-2017-1500

 

 
A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get an HTTP 403 Forbidden response and the value will be reflected in the body of the HTTP response. By setting it to arbitrary JavaScript code it is possible to modify the flow of the authorization function, potentially leading to credential disclosure within a trusted session.

 

 >>> Vendor: IBM 1045 Products
AIX
Http server
Communications server
SNG
JAVA
Lotus domino mail server
Lotus notes
OS2
AFS
GINA
Lotus domino server
Aix enetwork firewall
Websphere application server
Domino
Lotus cc mail
Tivoli opc tracker agent
Netfinity remote control
System data repository
Homepageprint
Navio nc browser
Network station manager
Net.data
Os2 ftp server
As400 firewall
Http server ssl module common
Lotus domino
Tivoli management framework
Db2 universal database
Websphere plugin
Net.commerce
Net.commerce hosting server
Websphere commerce suite
High availability cluster multiprocessing
Aix snmp
Tivoli netview
4758
Informix web datablade
Tivoli secureway policy director
Hacmp
Alphaworks tftp server
Secureway directory
Lotus domino r5
Visualage for java
SDK
Tivoli storage manager
Informix
Websphere caching proxy server
Secureway firewall
U2 universe
Autofs
Aix parallel systems support programs
Os 400
Infoprint 21
Lotus notes client
Lotus domino web server
Director
DB2
Tivoli firewall toolbox
Internet security systems blackice defender
Cloudscape
Acprunner
Websphere edge server caching proxy
Ds4100
Director agent
Mcs-7815-1000
Mcs-7815i-2.0
Mcs-7835i-2.4
Mcs-7835i-3.0
X330
X340
X342
X345
Informix dynamic server
Informix extended parallel server
Parallel environment
Trading partner interchange
Tivoli directory server
Data ontap
Tivoli access manager for e-business
Tivoli access manager identity manager solution
Tivoli configuration manager
Tivoli configuration manager for atm
Websphere everyplace server
Egatherer
Hardware management console
Client access
Iseries as 400
Rational clearquest
Lotus domino enterprise server
Db2 content manager
Informix dynamic database server
Workflow
Lotus domino inotes client
Tivoli business systems manager
Interact
Network appliance data ontap
Lotus domino web access
Inventory scout
Client security password manager
Informix client sdk
See all Products for Vendor IBM


Copyright 2024, cxsecurity.com

 

Back to Top