VYPR

Platform Symphony

by IBM

CVEs (7)

  • CVE-2018-1595HigAug 1, 2018
    risk 0.57cvss 8.8epss 0.02

    IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622.

  • CVE-2018-1702HigSep 28, 2018
    risk 0.46cvss 7.1epss 0.02

    IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume…

  • CVE-2018-1704MedSep 28, 2018
    risk 0.44cvss 6.8epss 0.01

    IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this…

  • CVE-2018-1705MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.01

    IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information. IBM X-Force ID: 146340.

  • CVE-2013-5400Feb 14, 2014
    risk 0.00cvss epss 0.02

    An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors.

  • CVE-2013-6305Jan 21, 2014
    risk 0.00cvss epss 0.01

    IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging knowledge of this…

  • CVE-2013-5387Nov 6, 2013
    risk 0.00cvss epss 0.01

    Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (process crash or hang) via a malformed SOAP request with a large amount of request data.