IBM Tealeaf Customer Experience vulnerabilities

15 known vulnerabilities affecting ibm/tealeaf_customer_experience.

Total CVEs: 15
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 9, LOW 2

Vulnerabilities

CVE-2015-4987 | MEDIUM | CVSS 6.5 | ≥ 8.0, ≤ 9.0.2 | 2018-03-27
CWE-287: The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors. IBM X-Force ID: 105896.
nvd
CVE-2017-1204 | CRITICAL | CVSS 9.8 | v8.7, v8.8, +1 more | 2018-01-26
CWE-798: IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740.
cvelistv5, nvd
CVE-2016-2983 | HIGH | CVSS 8.1 | v8.7, v8.8, +1 more | 2018-01-26
CWE-20: IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999.
cvelistv5, nvd
CVE-2017-1279 | MEDIUM | CVSS 6.5 | v8.7, v8.8, +1 more | 2018-01-26
CWE-22: IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757.
cvelistv5, nvd
CVE-2016-5968 | MEDIUM | CVSS 5.3 | ≤ 8.6, v8.7, +7 more | 2016-11-25
CWE-918: The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors.
nvd
CVE-2015-4961 | LOW | CVSS 2.6 | ≤ 8.6, v8.7, +7 more | 2016-11-24
CWE-200: IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 does not encrypt connections between internal servers, which allows remote attackers to obtain sensitive information by sniffing the net
nvd
CVE-2016-5996 | HIGH | CVSS 7.5 | ≤ 8.7, v8.8, +5 more | 2016-09-26
CWE-640: The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not enforce password-length restrictions, which makes it easier for remote attackers to obtain access vi
nvd
CVE-2016-5977 | MEDIUM | CVSS 6.8 | ≤ 8.7, v8.8, +5 more | 2016-09-26
CWE-601: Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites a
nvd
CVE-2016-5975 | MEDIUM | CVSS 5.4 | ≤ 8.7, v8.8, +5 more | 2016-09-26
CWE-79: Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitr
nvd
CVE-2016-5997 | MEDIUM | CVSS 6.5 | ≤ 8.7, v8.8, +5 more | 2016-09-26
CWE-640: The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to ob
nvd
CVE-2016-5978 | MEDIUM | CVSS 5.4 | v8.7, v8.8, +6 more | 2016-09-26
Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web
nvd
CVE-2016-5976 | MEDIUM | CVSS 4.9 | ≤ 8.7, v8.8, +5 more | 2016-09-26
CWE-200: The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to discover component passwords via unspecified vectors.
nvd
CVE-2015-4988 | HIGH | CVSS 8.6 | ≤ 8.6, v8.7, +7 more | 2016-01-18
CWE-22: Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors.
nvd
CVE-2015-4990 | MEDIUM | CVSS 4.0 | ≤ 8.6, v8.7, +7 more | 2016-01-02
CWE-200: The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by leveraging privileges during an unspecified connection type.
nvd
CVE-2015-4989 | LOW | CVSS 3.7 | ≤ 8.6, v8.7, +7 more | 2016-01-02
CWE-200: The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary charts by specifying an internal chart name.
nvd