Ibm Pureapplication System vulnerabilities

10 known vulnerabilities affecting ibm/pureapplication_system.

Total CVEs
10
CISA KEV
2
actively exploited
Public exploits
3
Exploited in wild
2
Severity breakdown
CRITICAL4HIGH3MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2019-4241HIGHCVSS 7.8≥ 2.2.3.0, ≤ 2.2.5.3v2.2.3.0+7 more2019-06-26
CVE-2019-4241 [HIGH] CVE-2019-4241: IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local acce IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467.
cvelistv5nvd
CVE-2019-4224HIGHCVSS 8.8≥ 2.2.3.0, ≤ 2.2.5.3v2.2.3.0+7 more2019-06-26
CVE-2019-4224 [HIGH] CWE-89 CVE-2019-4224: IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.
cvelistv5nvd
CVE-2019-4235HIGHCVSS 7.5≥ 2.2.3.0, ≤ 2.2.5.3v2.2.3.0+7 more2019-06-26
CVE-2019-4235 [HIGH] CWE-521 CVE-2019-4235: IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong pa IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417.
cvelistv5nvd
CVE-2019-4234MEDIUMCVSS 4.3≥ 2.2.3.0, ≤ 2.2.5.3v2.2.3.0+7 more2019-06-26
CVE-2019-4234 [MEDIUM] CVE-2019-4234: IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416.
cvelistv5nvd
CVE-2019-4225MEDIUMCVSS 4.4≥ 2.2.3.0, ≤ 2.2.5.3v2.2.3.0+7 more2019-06-26
CVE-2019-4225 [MEDIUM] CWE-532 CVE-2019-4225: IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log f IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.
cvelistv5nvd
CVE-2015-0235CRITICALCVSS 10.0PoCv1.0.0.0v1.1.0.0+1 more2015-01-28
CVE-2015-0235 [CRITICAL] CWE-787 CVE-2015-0235: Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x ve Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
nvd
CVE-2014-6158CRITICALCVSS 9.0v1.0.0.0v1.0.0.1+8 more2015-01-10
CVE-2014-6158 [CRITICAL] CWE-22 CVE-2014-6158: Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication Syste Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.
nvd
CVE-2014-7169CRITICALCVSS 9.8KEVPoC≥ 1.0.0.0, ≤ 1.0.0.4≥ 1.1.0.0, ≤ 1.1.0.4+1 more2014-09-25
CVE-2014-7169 [CRITICAL] CVE-2014-7169: GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definiti GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgi
nvd
CVE-2014-6271CRITICALCVSS 9.8KEVPoC≥ 1.0.0.0, ≤ 1.0.0.4≥ 1.1.0.0, ≤ 1.1.0.4+1 more2014-09-24
CVE-2014-6271 [CRITICAL] CWE-78 CVE-2014-6271: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environm GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts execute
nvd
CVE-2014-0960MEDIUMCVSS 6.6v1.0.0.0v1.0.0.1+8 more2014-06-14
CVE-2014-0960 [MEDIUM] CWE-264 CVE-2014-0960: IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authent IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine.
nvd