Vulnerabilities > IBM > Algo ONE > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-31 CVE-2017-1154 Information Exposure vulnerability in IBM Algo ONE 4.9.1/5.0.0/5.1.0
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users.
network
low complexity
ibm CWE-200
6.5
6.5
2017-03-20 CVE-2017-1155 Information Exposure vulnerability in IBM Algo ONE 4.9.1/5.0.0/5.1.0
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request.
network
low complexity
ibm CWE-200
4.3
4.3
2016-05-15 CVE-2016-0390 Cross-site Scripting vulnerability in IBM Algo ONE 4.9.1/5.0.0/5.1.0
Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
5.4