Ibm Marketing Platform vulnerabilities

CVE-2017-1107 [MEDIUM] CWE-200 CVE-2017-1107: IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers tha IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906.

CVE-2018-1920 [HIGH] CWE-611 CVE-2018-1920: IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855.

CVE-2018-1424 [HIGH] CWE-611 CVE-2018-1424: IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029.

CVE-2016-6112 [HIGH] CWE-264 CVE-2016-6112: IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticate IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282.

CVE-2016-0255 [MEDIUM] CWE-79 CVE-2016-0255: IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is view

CVE-2016-0228 [MEDIUM] CWE-601 CVE-2016-0228: IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236.

CVE-2016-0224 [CRITICAL] CWE-89 CVE-2016-0224: SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows re SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2016-0233 [HIGH] CWE-89 CVE-2016-0233: SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows re SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVE-2016-0229 [MEDIUM] CWE-79 CVE-2016-0229: Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allo Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVE-2013-6311 [MEDIUM] CWE-89 CVE-2013-6311: SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated use SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVE-2013-6309 [MEDIUM] CWE-94 CVE-2013-6309: IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and cons IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection.

CVE-2013-6308 [MEDIUM] CVE-2013-6308: IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection.

CVE-2013-6310 [LOW] CWE-79 CVE-2013-6310: Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote auth Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.