Vulnerabilities > IBM > Security Siteprotector System > 3.1.1.0

DATE CVE VULNERABILITY TITLE RISK
2021-11-12 CVE-2020-4140 Cross-site Scripting vulnerability in IBM Security Siteprotector System 3.1.1.0
IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2021-11-12 CVE-2020-4146 Information Exposure vulnerability in IBM Security Siteprotector System 3.1.1.0
IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag.
network
low complexity
ibm CWE-200
5.0
5.0
2018-04-10 CVE-2015-0172 Information Exposure vulnerability in IBM Security Siteprotector System 3.0/3.1.0.0/3.1.1.0
IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors.
network
low complexity
ibm CWE-200
5.0
5.0
2017-09-20 CVE-2015-0162 Permissions, Privileges, and Access Controls vulnerability in IBM Security Siteprotector System 3.0/3.1.0.0/3.1.1.0
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.
local
ibm CWE-264
6.9
6.9
2015-05-25 CVE-2015-0171 Path Traversal vulnerability in IBM Security Siteprotector System
Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors.
network
low complexity
ibm CWE-22
5.5
5.5
2015-05-25 CVE-2015-0170 Information Exposure vulnerability in IBM Security Siteprotector System
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows local users to obtain sensitive information by reading cached data.
local
low complexity
ibm CWE-200
2.1
2.1
2015-05-25 CVE-2015-0169 Injection vulnerability in IBM Security Siteprotector System
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors.
network
low complexity
ibm CWE-74
4.0
4.0
2015-05-25 CVE-2015-0168 Cross-site Scripting vulnerability in IBM Security Siteprotector System
Cross-site scripting (XSS) vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
3.5
2015-05-25 CVE-2015-0161 SQL Injection vulnerability in IBM Security Siteprotector System
SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5
6.5
2015-05-25 CVE-2015-0160 Permissions, Privileges, and Access Controls vulnerability in IBM Security Siteprotector System
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors.
network
low complexity
ibm CWE-264
critical
 9.0
9.0