Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Filtered by product Smartcloud Analytics Log Analysis
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-4244 1 Ibm 1 Smartcloud Analytics Log Analysis 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518.
CVE-2019-4243 1 Ibm 1 Smartcloud Analytics Log Analysis 2024-11-21 3.6 LOW 4.4 MEDIUM
IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized disclosure of information like accessing solrconfig.xml and could allow an attacker to perform disruptive administrator tasks. IBM X-Force ID: 159517.
CVE-2019-4216 1 Ibm 1 Smartcloud Analytics Log Analysis 2024-11-21 4.9 MEDIUM 4.6 MEDIUM
IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187.
CVE-2019-4215 1 Ibm 1 Smartcloud Analytics Log Analysis 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159186.
CVE-2019-4214 1 Ibm 1 Smartcloud Analytics Log Analysis 2024-11-21 4.3 MEDIUM 3.7 LOW
IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.
CVE-2013-6738 1 Ibm 1 Smartcloud Analytics Log Analysis 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.