IBM » Intelligent Operations Center : Security Vulnerabilities, CVEs,
IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356.
Max CVSS
5.4
EPSS Score
0.05%
Published
2020-07-28
Updated
2020-07-28
IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355.
Max CVSS
5.4
EPSS Score
0.05%
Published
2020-07-28
Updated
2020-07-28
IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738.
Max CVSS
6.2
EPSS Score
0.05%
Published
2019-08-20
Updated
2023-01-31
IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737.
Max CVSS
8.2
EPSS Score
0.16%
Published
2019-08-20
Updated
2023-01-31
IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201.
Max CVSS
7.5
EPSS Score
0.11%
Published
2019-09-05
Updated
2022-12-02
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157015.
Max CVSS
5.4
EPSS Score
0.05%
Published
2019-06-07
Updated
2023-02-03
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014.
Max CVSS
8.8
EPSS Score
0.09%
Published
2019-06-07
Updated
2022-12-09
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013.
Max CVSS
7.5
EPSS Score
0.11%
Published
2019-06-07
Updated
2022-12-09
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012.
Max CVSS
7.5
EPSS Score
0.11%
Published
2019-06-07
Updated
2023-02-03
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011.
Max CVSS
8.8
EPSS Score
0.12%
Published
2019-06-07
Updated
2022-01-01
Cross-site scripting (XSS) vulnerability in IBM Intelligent Operations Center 1.5.0 allows remote attackers to inject arbitrary web script or HTML via event data fields.
Max CVSS
4.3
EPSS Score
0.18%
Published
2013-01-18
Updated
2017-08-29
11 vulnerabilities found