Ibm Marketing Operations vulnerabilities

6 known vulnerabilities affecting ibm/marketing_operations.

Total CVEs

6

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH2MEDIUM3LOW1

Vulnerabilities

Page 1 of 1

CVE-2020-4125HIGHCVSS 8.1≥ 10.1, ≤ 10.1.0.3≥ 11.1.0.1, ≤ 11.1.0.2+1 more2020-07-20

CVE-2020-4125 [HIGH] CWE-494 CVE-2020-4125: Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to confidential information.

CVE-2017-1119MEDIUMCVSS 4.3≥ 9.1.0.0, ≤ 9.1.0.12≥ 9.1.2.0, ≤ 9.1.2.7+3 more2018-11-09

CVE-2017-1119 [MEDIUM] CWE-200 CVE-2017-1119: IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive in IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted request to cause an error message to be returned containing the full root path. An attacker could use this information to launch further attacks against the affected system. IBM X-Force ID: 121171.

CVE-2016-6112HIGHCVSS 8.8v8.6.0.0v9.0.0.0+2 more2017-05-22

CVE-2016-6112 [HIGH] CWE-264 CVE-2016-6112: IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticate IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282.

CVE-2014-8887MEDIUMCVSS 4.0v7.2.0.0v7.2.0.4+62 more2015-06-07

CVE-2014-8887 [MEDIUM] CWE-20 CVE-2014-8887: IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to upload arbitrary GIFAR files, and consequently modify data, via unspecified vectors.

CVE-2014-6222MEDIUMCVSS 4.0v7.2.0.0v7.2.0.4+62 more2015-06-07

CVE-2014-6222 [MEDIUM] CWE-22 CVE-2014-6222: Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x be Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

CVE-2014-6175LOWCVSS 3.5v7.2.0.0v7.2.0.4+62 more2015-06-07

CVE-2014-6175 [LOW] CWE-79 CVE-2014-6175: Cross-site scripting (XSS) vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8 Cross-site scripting (XSS) vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.