Download
| Alert*
CVE-2016-0224
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. CVE-2016-0233 SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. CVE-2016-0229 Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. CVE-2016-6112 IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282. CVE-2013-6308 IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection. CVE-2013-6311 SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. CVE-2013-6310 Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. CVE-2013-6309 IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection. CVE-2017-1107 IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906. |