cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-4138,https://securityvulnerability.io/vulnerability/CVE-2020-4138,Local File Inclusion in IBM SiteProtector Appliance,"A local file inclusion vulnerability exists in IBM SiteProtector Appliance version 3.1.1, allowing web pages to be saved locally. This data can potentially be accessed by unauthorized users on the same system, posing a security risk. It is crucial for organizations using this software to implement necessary safeguards to prevent unauthorized access to sensitive information stored on the appliance.",IBM,Security Siteprotector System,4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-07-11T17:15:00.000Z,0
CVE-2020-4150,https://securityvulnerability.io/vulnerability/CVE-2020-4150,Hard-Coded Credentials Vulnerability in IBM SiteProtector Appliance,"IBM SiteProtector Appliance 3.1.1 is susceptible to security risks due to the presence of hard-coded credentials that can be exploited by unauthorized users. These credentials, which may include passwords or cryptographic keys, are utilized for various purposes such as inbound authentication, outbound communication to other components, and encrypting internal data. The existence of these hard-coded values poses a significant risk, allowing potential attackers to gain unauthorized access or control over the affected system.",IBM,Security Siteprotector System,6.8,MEDIUM,0.0016499999910593033,false,,false,false,false,,,false,false,,2022-07-11T17:15:00.000Z,0
CVE-2020-4146,https://securityvulnerability.io/vulnerability/CVE-2020-4146,Information Disclosure Vulnerability in IBM Security SiteProtector,"IBM Security SiteProtector System 3.1.1 is vulnerable due to the absence of the 'HttpOnly' flag in its security settings. This lack of protection allows remote attackers to exploit the vulnerability and potentially access sensitive information stored in cookies, exposing users to data theft and unauthorized access. It is crucial for organizations using this product to implement necessary security measures to mitigate the risk associated with this vulnerability.",IBM,Security Siteprotector System,4,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-11-12T16:15:00.000Z,0
CVE-2020-4140,https://securityvulnerability.io/vulnerability/CVE-2020-4140,Cross-Site Scripting Vulnerability in IBM Security SiteProtector System,"The IBM Security SiteProtector System version 3.1.1 contains a vulnerability that enables cross-site scripting attacks. This flaw permits an attacker to inject malicious JavaScript code into the Web UI, potentially compromising the integrity of user sessions. As a result, sensitive information, such as user credentials, may be exposed within a trusted environment, posing significant security risks to the affected users and the system.",IBM,Security Siteprotector System,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-11-12T16:15:00.000Z,0
CVE-2015-0172,https://securityvulnerability.io/vulnerability/CVE-2015-0172,,"IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. IBM X-Force ID: 100927.",IBM,Security Siteprotector System,7.5,HIGH,0.0033499998971819878,false,,false,false,false,,,false,false,,2018-04-10T15:00:00.000Z,0
CVE-2015-0162,https://securityvulnerability.io/vulnerability/CVE-2015-0162,,"IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.",IBM,Security Siteprotector System,7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2017-09-20T18:00:00.000Z,0
CVE-2015-0168,https://securityvulnerability.io/vulnerability/CVE-2015-0168,,"Cross-site scripting (XSS) vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",IBM,Security Siteprotector System,,,0.0006300000241026282,false,,false,false,false,,,false,false,,2015-05-25T14:00:00.000Z,0
CVE-2015-0160,https://securityvulnerability.io/vulnerability/CVE-2015-0160,,"IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors.",IBM,Security Siteprotector System,,,0.002309999894350767,false,,false,false,false,,,false,false,,2015-05-25T14:00:00.000Z,0
CVE-2015-0171,https://securityvulnerability.io/vulnerability/CVE-2015-0171,,"Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors.",IBM,Security Siteprotector System,,,0.0007699999841861427,false,,false,false,false,,,false,false,,2015-05-25T14:00:00.000Z,0
CVE-2015-0169,https://securityvulnerability.io/vulnerability/CVE-2015-0169,,"IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors.",IBM,Security Siteprotector System,,,0.0007900000200606883,false,,false,false,false,,,false,false,,2015-05-25T14:00:00.000Z,0
CVE-2015-0170,https://securityvulnerability.io/vulnerability/CVE-2015-0170,,"IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows local users to obtain sensitive information by reading cached data.",IBM,Security Siteprotector System,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2015-05-25T14:00:00.000Z,0
CVE-2015-0161,https://securityvulnerability.io/vulnerability/CVE-2015-0161,,"SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.",IBM,Security Siteprotector System,,,0.0010400000028312206,false,,false,false,false,,,false,false,,2015-05-25T14:00:00.000Z,0