Summary
Detail | |||
---|---|---|---|
Vendor | Ibm | First view | 2015-05-20 |
Product | Content Manager | Last view | 2018-05-01 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5.4 | 2018-05-01 | CVE-2018-1502 | IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141338. |
3.7 | 2015-05-20 | CVE-2015-4000 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-310 | Cryptographic Issues |
50% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:29329 | AIX Logjam Vulnerability |
oval:org.mitre.oval:def:29478 | HP-UX OpenSSL Vulnerability (DHE man-in-the-middle protection (Logjam)) |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0158 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0061089 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33806 - Type : SERVER-OTHER - Revision : 5 |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33805 - Type : SERVER-OTHER - Revision : 5 |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33804 - Type : SERVER-OTHER - Revision : 5 |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33803 - Type : SERVER-OTHER - Revision : 5 |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33802 - Type : SERVER-OTHER - Revision : 5 |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33801 - Type : SERVER-OTHER - Revision : 5 |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33800 - Type : SERVER-OTHER - Revision : 6 |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33799 - Type : SERVER-OTHER - Revision : 6 |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33798 - Type : SERVER-OTHER - Revision : 6 |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33797 - Type : SERVER-OTHER - Revision : 6 |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33796 - Type : SERVER-OTHER - Revision : 6 |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33795 - Type : SERVER-OTHER - Revision : 6 |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33794 - Type : SERVER-OTHER - Revision : 6 |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33793 - Type : SERVER-OTHER - Revision : 5 |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33792 - Type : SERVER-OTHER - Revision : 5 |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33791 - Type : SERVER-OTHER - Revision : 5 |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33790 - Type : SERVER-OTHER - Revision : 5 |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33789 - Type : SERVER-OTHER - Revision : 5 |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33788 - Type : SERVER-OTHER - Revision : 5 |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33787 - Type : SERVER-OTHER - Revision : 5 |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33786 - Type : SERVER-OTHER - Revision : 5 |
2015-04-14 | SSL request for export grade cipher suite attempt RuleID : 33785 - Type : SERVER-OTHER - Revision : 6 |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33784 - Type : SERVER-OTHER - Revision : 6 |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33783 - Type : SERVER-OTHER - Revision : 6 |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33782 - Type : SERVER-OTHER - Revision : 6 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2017-01-20 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-46.nasl - Type: ACT_GATHER_INFO |
2016-10-06 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3688.nasl - Type: ACT_GATHER_INFO |
2016-09-27 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-2385-1.nasl - Type: ACT_GATHER_INFO |
2016-09-09 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1064.nasl - Type: ACT_GATHER_INFO |
2016-09-02 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-2209-1.nasl - Type: ACT_GATHER_INFO |
2016-08-29 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-1618-1.nasl - Type: ACT_GATHER_INFO |
2016-06-23 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10727.nasl - Type: ACT_GATHER_INFO |
2016-06-08 | Name: The remote Debian host is missing a security update. File: debian_DLA-507.nasl - Type: ACT_GATHER_INFO |
2016-06-01 | Name: The remote device is affected by multiple vulnerabilities. File: cisco_ace_A5_3_3.nasl - Type: ACT_GATHER_INFO |
2016-05-31 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201605-06.nasl - Type: ACT_GATHER_INFO |
2016-05-13 | Name: A web application running on the remote host is affected by multiple vulnerab... File: solarwinds_srm_profiler_6_2_3.nasl - Type: ACT_GATHER_INFO |
2016-03-24 | Name: The remote web server is affected by multiple vulnerabilities. File: hpsmh_7_5_4.nasl - Type: ACT_GATHER_INFO |
2016-03-14 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201603-11.nasl - Type: ACT_GATHER_INFO |
2016-03-10 | Name: The remote AIX host has a version of OpenSSL installed that is affected by mu... File: aix_openssl_advisory17.nasl - Type: ACT_GATHER_INFO |
2016-02-18 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-218.nasl - Type: ACT_GATHER_INFO |
2016-02-17 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-215.nasl - Type: ACT_GATHER_INFO |
2016-02-03 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-102.nasl - Type: ACT_GATHER_INFO |
2016-02-03 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-104.nasl - Type: ACT_GATHER_INFO |
2016-02-02 | Name: The remote service is affected by multiple vulnerabilities. File: openssl_1_0_1r.nasl - Type: ACT_GATHER_INFO |
2016-02-02 | Name: The remote service is affected by multiple vulnerabilities. File: openssl_1_0_2f.nasl - Type: ACT_GATHER_INFO |
2016-01-26 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-92.nasl - Type: ACT_GATHER_INFO |
2016-01-26 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-0224-1.nasl - Type: ACT_GATHER_INFO |
2016-01-21 | Name: The application installed on the remote host is affected by multiple vulnerab... File: oracle_secure_global_desktop_jan_2016_cpu.nasl - Type: ACT_GATHER_INFO |
2016-01-06 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_105fp7_nix.nasl - Type: ACT_GATHER_INFO |
2016-01-06 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_105fp7_win.nasl - Type: ACT_GATHER_INFO |