Vulnerabilities > IBM > Campaign

DATE CVE VULNERABILITY TITLE RISK
2019-07-17 CVE-2018-1921 Cross-site Scripting vulnerability in IBM Campaign
IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2019-06-19 CVE-2019-4384 Path Traversal vulnerability in IBM Campaign 10.1/9.1.2
IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
4.3
4.3
2018-12-05 CVE-2018-1941 Improper Privilege Management vulnerability in IBM Campaign
IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions.
local
low complexity
ibm CWE-269
7.8
7.8
2018-11-09 CVE-2016-9749 Improper Input Validation vulnerability in IBM Campaign
IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation.
local
low complexity
ibm CWE-20
3.3
3.3
2018-09-07 CVE-2017-1115 Injection vulnerability in IBM Campaign 10.0/9.1/9.1.2
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection.
network
low complexity
ibm CWE-74
5.4
5.4
2018-09-07 CVE-2017-1114 Cross-site Scripting vulnerability in IBM Campaign 10.0/9.1/9.1.2
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2018-04-27 CVE-2017-1116 Information Exposure vulnerability in IBM Campaign
IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive details on the client side which could provide information useful for an authenticated user to conduct other attacks.
network
low complexity
ibm CWE-200
4.3
4.3
2017-02-01 CVE-2016-0265 Cross-site Scripting vulnerability in IBM Campaign
IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-79
5.4
5.4