Ibm

Engineering Lifecycle Optimization - Publishing

29 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.7

CVE-2020-4316

  • EPSS 0.17%
  • Published 16.07.2020 15:15:27
  • Last modified 25.03.2025 14:51:52

IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user...

5.4

CVE-2019-4431

  • EPSS 0.24%
  • Published 12.02.2020 16:15:11
  • Last modified 25.03.2025 14:26:28

IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl...

5.4

CVE-2018-1951

  • EPSS 0.23%
  • Published 04.01.2019 15:29:00
  • Last modified 25.03.2025 14:26:28

IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...

5.4

CVE-2018-1657

  • EPSS 0.23%
  • Published 04.01.2019 15:29:00
  • Last modified 25.03.2025 14:26:28

IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...

5.4

CVE-2018-1534

  • EPSS 0.16%
  • Published 12.10.2018 11:29:00
  • Last modified 25.03.2025 14:26:28

IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos...

5.4

CVE-2018-1533

  • EPSS 0.18%
  • Published 12.10.2018 11:29:00
  • Last modified 25.03.2025 14:26:28

IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos...

6.7

CVE-2017-1787

  • EPSS 0.04%
  • Published 02.03.2018 17:29:00
  • Last modified 25.03.2025 14:26:28

IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022.

5.5

CVE-2016-2914

  • EPSS 1.13%
  • Published 08.08.2016 01:59:09
  • Last modified 12.04.2025 10:46:40

Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension.

5.4

CVE-2016-2912

  • EPSS 0.17%
  • Published 08.08.2016 01:59:08
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.