Vulnerabilities > IBM > Security Siteprotector System > 3.0.0.4

DATE CVE VULNERABILITY TITLE RISK
2015-05-25 CVE-2015-0171 Path Traversal vulnerability in IBM Security Siteprotector System
Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors.
network
low complexity
ibm CWE-22
5.5
5.5
2015-05-25 CVE-2015-0170 Information Exposure vulnerability in IBM Security Siteprotector System
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows local users to obtain sensitive information by reading cached data.
local
low complexity
ibm CWE-200
2.1
2.1
2015-05-25 CVE-2015-0169 Injection vulnerability in IBM Security Siteprotector System
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors.
network
low complexity
ibm CWE-74
4.0
4.0
2015-05-25 CVE-2015-0168 Cross-site Scripting vulnerability in IBM Security Siteprotector System
Cross-site scripting (XSS) vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
3.5
2015-05-25 CVE-2015-0161 SQL Injection vulnerability in IBM Security Siteprotector System
SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5
6.5
2015-05-25 CVE-2015-0160 Permissions, Privileges, and Access Controls vulnerability in IBM Security Siteprotector System
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors.
network
low complexity
ibm CWE-264
critical
 9.0
9.0