Daeja Viewone
by IBM
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1210 | Hig | 0.49 | 7.5 | 0.01 | Oct 24, 2017 | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850. | ||
| CVE-2017-1212 | Med | 0.42 | 6.5 | 0.01 | Oct 24, 2017 | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852. | ||
| CVE-2017-1308 | Med | 0.42 | 6.5 | 0.02 | Jul 13, 2017 | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462. | ||
| CVE-2018-1399 | Med | 0.35 | 5.4 | 0.01 | Feb 27, 2018 | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within… | ||
| CVE-2017-1209 | Med | 0.35 | 5.4 | 0.01 | Oct 24, 2017 | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure… | ||
| CVE-2017-1211 | Low | 0.16 | 2.5 | 0.00 | Oct 24, 2017 | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851. | ||
| CVE-2019-4246 | 0.00 | — | 0.01 | Oct 1, 2019 | IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal parameters to ViewONE clients that could be used in further attacks against the system. IBM X-Force ID: 159521. | |||
| CVE-2019-4456 | 0.00 | — | 0.02 | Jul 30, 2019 | IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force… | |||
| CVE-2019-4260 | 0.00 | — | 0.01 | Jul 2, 2019 | IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012. | |||
| CVE-2018-1835 | 0.00 | — | 0.02 | Nov 2, 2018 | IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514. |
- risk 0.49cvss 7.5epss 0.01
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850.
- risk 0.42cvss 6.5epss 0.01
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852.
- risk 0.42cvss 6.5epss 0.02
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462.
- risk 0.35cvss 5.4epss 0.01
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within…
- risk 0.35cvss 5.4epss 0.01
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…
- risk 0.16cvss 2.5epss 0.00
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851.
- CVE-2019-4246Oct 1, 2019risk 0.00cvss —epss 0.01
IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal parameters to ViewONE clients that could be used in further attacks against the system. IBM X-Force ID: 159521.
- CVE-2019-4456Jul 30, 2019risk 0.00cvss —epss 0.02
IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force…
- CVE-2019-4260Jul 2, 2019risk 0.00cvss —epss 0.01
IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012.
- CVE-2018-1835Nov 2, 2018risk 0.00cvss —epss 0.02
IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514.