Search criteria
8 vulnerabilities found for monitoring by ibm
CVE-2019-4131 (GCVE-0-2019-4131)
Vulnerability from nvd – Published: 2019-07-11 19:55 – Updated: 2024-09-17 02:53
VLAI?
Summary
IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270.
Severity ?
CWE
- Other
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Monitoring |
Affected:
8.1.4
|
Date Public ?
2019-07-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10957121"
},
{
"name": "ibm-apm-cve20194131-dns (158270)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158270"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.4"
}
]
}
],
"datePublic": "2019-07-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/A:N/I:L/S:U/PR:N/C:N/AC:L/AV:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-11T19:55:18.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10957121"
},
{
"name": "ibm-apm-cve20194131-dns (158270)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158270"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-07-01T00:00:00",
"ID": "CVE-2019-4131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Monitoring",
"version": {
"version_data": [
{
"version_value": "8.1.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10957121",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 957121 (Monitoring)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10957121"
},
{
"name": "ibm-apm-cve20194131-dns (158270)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158270"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4131",
"datePublished": "2019-07-11T19:55:18.677Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:53:12.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1441 (GCVE-0-2018-1441)
Vulnerability from nvd – Published: 2018-03-14 00:00 – Updated: 2024-09-16 18:39
VLAI?
Summary
IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.3 and 8.1.4) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139597.
Severity ?
6.1 (Medium)
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Monitoring |
Affected:
8.1.3
Affected: 8.1.4 |
Date Public ?
2018-03-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-itcam-cve20181441-xss(139597)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139597"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013557"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.4"
}
]
}
],
"datePublic": "2018-03-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.3 and 8.1.4) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139597."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:N/S:C/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T23:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-itcam-cve20181441-xss(139597)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139597"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013557"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-03-10T00:00:00",
"ID": "CVE-2018-1441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Monitoring",
"version": {
"version_data": [
{
"version_value": "8.1.3"
},
{
"version_value": "8.1.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.3 and 8.1.4) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139597."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-itcam-cve20181441-xss(139597)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139597"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22013557",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013557"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1441",
"datePublished": "2018-03-14T00:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:39:34.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1442 (GCVE-0-2018-1442)
Vulnerability from nvd – Published: 2018-03-08 16:00 – Updated: 2024-09-17 00:31
VLAI?
Summary
IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598.
Severity ?
4.3 (Medium)
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Monitoring |
Affected:
8.1.4
|
Date Public ?
2018-03-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103368",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103368"
},
{
"name": "ibm-itcam-cve20181442-csrf(139598)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139598"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013500"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.4"
}
]
}
],
"datePublic": "2018-03-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:L/PR:N/S:U/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T09:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "103368",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103368"
},
{
"name": "ibm-itcam-cve20181442-csrf(139598)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139598"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013500"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-03-02T00:00:00",
"ID": "CVE-2018-1442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Monitoring",
"version": {
"version_data": [
{
"version_value": "8.1.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "N",
"S": "U",
"UI": "R"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103368",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103368"
},
{
"name": "ibm-itcam-cve20181442-csrf(139598)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139598"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22013500",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013500"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1442",
"datePublished": "2018-03-08T16:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:31:34.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1387 (GCVE-0-2018-1387)
Vulnerability from nvd – Published: 2018-03-08 16:00 – Updated: 2024-09-17 00:45
VLAI?
Summary
IBM Application Performance Management for Monitoring & Diagnostics (IBM Monitoring 8.1.3 and 8.1.4) may release sensitive personal data to the staff who can access to the database of this product. IBM X-Force ID: 138210.
Severity ?
5.3 (Medium)
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Monitoring |
Affected:
8.1.3
Affected: 8.1.4 |
Date Public ?
2018-03-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014035"
},
{
"name": "ibm-apm-cve20181387-info-disc(138210)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138210"
},
{
"name": "103403",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103403"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.4"
}
]
}
],
"datePublic": "2018-03-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Application Performance Management for Monitoring \u0026 Diagnostics (IBM Monitoring 8.1.3 and 8.1.4) may release sensitive personal data to the staff who can access to the database of this product. IBM X-Force ID: 138210."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T09:57:02.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014035"
},
{
"name": "ibm-apm-cve20181387-info-disc(138210)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138210"
},
{
"name": "103403",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103403"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-03-02T00:00:00",
"ID": "CVE-2018-1387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Monitoring",
"version": {
"version_data": [
{
"version_value": "8.1.3"
},
{
"version_value": "8.1.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Application Performance Management for Monitoring \u0026 Diagnostics (IBM Monitoring 8.1.3 and 8.1.4) may release sensitive personal data to the staff who can access to the database of this product. IBM X-Force ID: 138210."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22014035",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014035"
},
{
"name": "ibm-apm-cve20181387-info-disc(138210)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138210"
},
{
"name": "103403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103403"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1387",
"datePublished": "2018-03-08T16:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:45:49.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4131 (GCVE-0-2019-4131)
Vulnerability from cvelistv5 – Published: 2019-07-11 19:55 – Updated: 2024-09-17 02:53
VLAI?
Summary
IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270.
Severity ?
CWE
- Other
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Monitoring |
Affected:
8.1.4
|
Date Public ?
2019-07-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10957121"
},
{
"name": "ibm-apm-cve20194131-dns (158270)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158270"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.4"
}
]
}
],
"datePublic": "2019-07-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/A:N/I:L/S:U/PR:N/C:N/AC:L/AV:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-11T19:55:18.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10957121"
},
{
"name": "ibm-apm-cve20194131-dns (158270)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158270"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-07-01T00:00:00",
"ID": "CVE-2019-4131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Monitoring",
"version": {
"version_data": [
{
"version_value": "8.1.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10957121",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 957121 (Monitoring)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10957121"
},
{
"name": "ibm-apm-cve20194131-dns (158270)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158270"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4131",
"datePublished": "2019-07-11T19:55:18.677Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:53:12.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1441 (GCVE-0-2018-1441)
Vulnerability from cvelistv5 – Published: 2018-03-14 00:00 – Updated: 2024-09-16 18:39
VLAI?
Summary
IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.3 and 8.1.4) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139597.
Severity ?
6.1 (Medium)
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Monitoring |
Affected:
8.1.3
Affected: 8.1.4 |
Date Public ?
2018-03-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-itcam-cve20181441-xss(139597)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139597"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013557"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.4"
}
]
}
],
"datePublic": "2018-03-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.3 and 8.1.4) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139597."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:N/S:C/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T23:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-itcam-cve20181441-xss(139597)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139597"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013557"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-03-10T00:00:00",
"ID": "CVE-2018-1441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Monitoring",
"version": {
"version_data": [
{
"version_value": "8.1.3"
},
{
"version_value": "8.1.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.3 and 8.1.4) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139597."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-itcam-cve20181441-xss(139597)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139597"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22013557",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013557"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1441",
"datePublished": "2018-03-14T00:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:39:34.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1442 (GCVE-0-2018-1442)
Vulnerability from cvelistv5 – Published: 2018-03-08 16:00 – Updated: 2024-09-17 00:31
VLAI?
Summary
IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598.
Severity ?
4.3 (Medium)
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Monitoring |
Affected:
8.1.4
|
Date Public ?
2018-03-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103368",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103368"
},
{
"name": "ibm-itcam-cve20181442-csrf(139598)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139598"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013500"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.4"
}
]
}
],
"datePublic": "2018-03-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:L/PR:N/S:U/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T09:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "103368",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103368"
},
{
"name": "ibm-itcam-cve20181442-csrf(139598)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139598"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013500"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-03-02T00:00:00",
"ID": "CVE-2018-1442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Monitoring",
"version": {
"version_data": [
{
"version_value": "8.1.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "N",
"S": "U",
"UI": "R"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103368",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103368"
},
{
"name": "ibm-itcam-cve20181442-csrf(139598)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139598"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22013500",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013500"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1442",
"datePublished": "2018-03-08T16:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:31:34.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1387 (GCVE-0-2018-1387)
Vulnerability from cvelistv5 – Published: 2018-03-08 16:00 – Updated: 2024-09-17 00:45
VLAI?
Summary
IBM Application Performance Management for Monitoring & Diagnostics (IBM Monitoring 8.1.3 and 8.1.4) may release sensitive personal data to the staff who can access to the database of this product. IBM X-Force ID: 138210.
Severity ?
5.3 (Medium)
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Monitoring |
Affected:
8.1.3
Affected: 8.1.4 |
Date Public ?
2018-03-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014035"
},
{
"name": "ibm-apm-cve20181387-info-disc(138210)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138210"
},
{
"name": "103403",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103403"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.4"
}
]
}
],
"datePublic": "2018-03-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Application Performance Management for Monitoring \u0026 Diagnostics (IBM Monitoring 8.1.3 and 8.1.4) may release sensitive personal data to the staff who can access to the database of this product. IBM X-Force ID: 138210."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T09:57:02.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014035"
},
{
"name": "ibm-apm-cve20181387-info-disc(138210)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138210"
},
{
"name": "103403",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103403"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-03-02T00:00:00",
"ID": "CVE-2018-1387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Monitoring",
"version": {
"version_data": [
{
"version_value": "8.1.3"
},
{
"version_value": "8.1.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Application Performance Management for Monitoring \u0026 Diagnostics (IBM Monitoring 8.1.3 and 8.1.4) may release sensitive personal data to the staff who can access to the database of this product. IBM X-Force ID: 138210."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22014035",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014035"
},
{
"name": "ibm-apm-cve20181387-info-disc(138210)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138210"
},
{
"name": "103403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103403"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1387",
"datePublished": "2018-03-08T16:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:45:49.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}