Ibm

Engineering Lifecycle Optimization - Publishing

29 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.7

CVE-2020-4316

  • EPSS 0.17%
  • Veröffentlicht 16.07.2020 15:15:27
  • Zuletzt bearbeitet 25.03.2025 14:51:52

IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user...

5.4

CVE-2019-4431

  • EPSS 0.24%
  • Veröffentlicht 12.02.2020 16:15:11
  • Zuletzt bearbeitet 25.03.2025 14:26:28

IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl...

5.4

CVE-2018-1951

  • EPSS 0.22%
  • Veröffentlicht 04.01.2019 15:29:00
  • Zuletzt bearbeitet 25.03.2025 14:26:28

IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...

5.4

CVE-2018-1657

  • EPSS 0.22%
  • Veröffentlicht 04.01.2019 15:29:00
  • Zuletzt bearbeitet 25.03.2025 14:26:28

IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...

5.4

CVE-2018-1534

  • EPSS 0.16%
  • Veröffentlicht 12.10.2018 11:29:00
  • Zuletzt bearbeitet 25.03.2025 14:26:28

IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos...

5.4

CVE-2018-1533

  • EPSS 0.18%
  • Veröffentlicht 12.10.2018 11:29:00
  • Zuletzt bearbeitet 25.03.2025 14:26:28

IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos...

6.7

CVE-2017-1787

  • EPSS 0.04%
  • Veröffentlicht 02.03.2018 17:29:00
  • Zuletzt bearbeitet 25.03.2025 14:26:28

IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022.

5.5

CVE-2016-2914

  • EPSS 1.13%
  • Veröffentlicht 08.08.2016 01:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension.

5.4

CVE-2016-2912

  • EPSS 0.17%
  • Veröffentlicht 08.08.2016 01:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.