VYPR

Mobilefirst Platform Foundation

by IBM

CVEs (5)

  • CVE-2017-1772MedApr 4, 2018
    risk 0.40cvss 6.1epss 0.01

    IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…

  • CVE-2017-1500MedAug 1, 2017
    risk 0.40cvss 6.1epss 0.01

    A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in…

  • CVE-2020-4229Jun 5, 2020
    risk 0.00cvss epss 0.01

    IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. IBM X-Force ID: 175211.

  • CVE-2020-4226May 27, 2020
    risk 0.00cvss epss 0.01

    IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 175207.

  • CVE-2014-0888Aug 29, 2014
    risk 0.00cvss epss 0.01

    IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vectors.