VYPR

Worklight

by IBM

CVEs (3)

  • CVE-2017-1772MedApr 4, 2018
    risk 0.40cvss 6.1epss 0.01

    IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…

  • CVE-2017-1500MedAug 1, 2017
    risk 0.40cvss 6.1epss 0.01

    A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in…

  • CVE-2014-0888Aug 29, 2014
    risk 0.00cvss epss 0.01

    IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vectors.