Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-10 | CVE-2017-1623 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. | 6.1 |
| 2018-01-10 | CVE-2017-1534 | Open Redirect vulnerability in IBM products IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
| 2018-01-10 | CVE-2017-1533 | Cross-site Scripting vulnerability in IBM Security Access Manager 9.0 Firmware IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. | 6.1 |
| 2018-01-10 | CVE-2017-1459 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM products IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 4.2 |
| 2018-01-10 | CVE-2016-9722 | Improper Access Control vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 4.2 |
| 2018-01-10 | CVE-2017-7559 | HTTP Request Smuggling vulnerability in Redhat Undertow In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. | 6.1 |
| 2018-01-10 | CVE-2016-6810 | Cross-site Scripting vulnerability in Apache Activemq In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. | 6.1 |
| 2018-01-10 | CVE-2017-15717 | Cross-site Scripting vulnerability in Apache products A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. | 6.1 |
| 2018-01-10 | CVE-2018-5331 | Cross-site Scripting vulnerability in Discuz Discuzx X3.4 Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. | 5.4 |
| 2018-01-10 | CVE-2017-9796 | Information Exposure vulnerability in Apache Geode When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions. | 5.3 |