U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): pureapplication
  • Search Type: Search All
  • Match: Exact
  • CPE Name Search: false
There are 7 matching records.
Displaying matches 1 through 7.
Vuln ID Summary CVSS Severity

IBM PureApplication System through could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467.

Published: June 26, 2019; 11:15:10 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM

IBM PureApplication System through does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417.

Published: June 26, 2019; 11:15:10 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

IBM PureApplication System through weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416.

Published: June 26, 2019; 11:15:10 AM -0400
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM

IBM PureApplication System through stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.

Published: June 26, 2019; 11:15:09 AM -0400
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW

IBM PureApplication System through is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.

Published: June 26, 2019; 11:15:09 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before iFix 10, 1.1 before, and 2.0 before and Workload Deployer before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.

Published: January 09, 2015; 9:59:26 PM -0500
V3.x:(not available)
V2.0: 9.0 HIGH

IBM PureApplication System 1.0 before cfix8 and 1.1 before IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine.

Published: June 14, 2014; 7:18:54 AM -0400
V3.x:(not available)
V2.0: 6.6 MEDIUM