Vulnerabilities > IBM > Tealeaf Customer Experience

DATE CVE VULNERABILITY TITLE RISK
2018-03-27 CVE-2015-4987 Improper Authentication vulnerability in IBM Tealeaf Customer Experience
The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors.
network
low complexity
ibm CWE-287
6.5
2018-01-26 CVE-2017-1279 Path Traversal vulnerability in IBM Tealeaf Customer Experience 8.7/8.8/9.0.2
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
6.5
2018-01-26 CVE-2017-1204 Use of Hard-coded Credentials vulnerability in IBM Tealeaf Customer Experience 8.7/8.8/9.0.2
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials.
network
low complexity
ibm CWE-798
critical
9.8
2018-01-26 CVE-2016-2983 Improper Input Validation vulnerability in IBM Tealeaf Customer Experience 8.7/8.8/9.0.2
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security.
network
high complexity
ibm CWE-20
8.1
2016-11-25 CVE-2016-5968 Server-Side Request Forgery (SSRF) vulnerability in IBM Tealeaf Customer Experience
The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors.
network
low complexity
ibm CWE-918
5.3
2016-11-24 CVE-2015-4961 Information Exposure vulnerability in IBM Tealeaf Customer Experience
IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 does not encrypt connections between internal servers, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
high complexity
ibm CWE-200
2.6
2016-09-26 CVE-2016-5997 Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Tealeaf Customer Experience
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack.
network
low complexity
ibm CWE-640
6.5
2016-09-26 CVE-2016-5996 Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Tealeaf Customer Experience
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not enforce password-length restrictions, which makes it easier for remote attackers to obtain access via a brute-force attack.
network
low complexity
ibm CWE-640
7.5
2016-09-26 CVE-2016-5978 Cross-site Scripting vulnerability in IBM Tealeaf Customer Experience
Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5975.
network
low complexity
ibm CWE-79
5.4
2016-09-26 CVE-2016-5977 Open Redirect vulnerability in IBM Tealeaf Customer Experience
Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
low complexity
ibm CWE-601
6.8