Vulnerabilities > IBM > Security Siteprotector System
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-11 | CVE-2020-4138 | Unspecified vulnerability in IBM Security Siteprotector System 3.1.1 IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. | 5.5 |
| 2022-07-11 | CVE-2020-4150 | Use of Hard-coded Credentials vulnerability in IBM Security Siteprotector System 3.1.1 IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2021-11-12 | CVE-2020-4140 | Cross-site Scripting vulnerability in IBM Security Siteprotector System 3.1.1.0 IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. | 5.4 |
| 2021-11-12 | CVE-2020-4146 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Siteprotector System 3.1.1.0 IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag. | 5.3 |
| 2018-04-10 | CVE-2015-0172 | Information Exposure vulnerability in IBM Security Siteprotector System 3.0/3.1.0.0/3.1.1.0 IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. | 7.5 |
| 2017-09-20 | CVE-2015-0162 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Siteprotector System 3.0/3.1.0.0/3.1.1.0 IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. | 7.0 |