JVN/CVE Demo: Jvninfos

JVN List

Name	Title	Summary	Cveinfo	Cvssv2	Jvnurl	Published Date	Last Updated Date	Actions
JVNDB-2014-004993	IBM Security QRadar SIEM におけるクリックジャッキング攻撃を実行される脆弱性	IBM Security QRadar SIEM には、クリックジャッキング攻撃を実行される脆弱性が存在します。	CVE-2014-4828	4.3	http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004993.html	2014-10-08	2014-10-27	View
JVNDB-2014-004992	IBM Security QRadar SIEM におけるクロスサイトスクリプティングの脆弱性	IBM Security QRadar SIEM には、クロスサイトスクリプティングの脆弱性が存在します。	CVE-2014-4827	4.3	http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004992.html	2014-10-08	2014-10-27	View
JVNDB-2014-004281	IBM Security QRadar SIEM における重要な平文情報を取得される脆弱性	IBM Security QRadar SIEM は、SSH 接続を適切に処理しないため、重要な平文情報を取得される脆弱性が存在します。	CVE-2014-4826	4.3	http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004281.html	2014-09-15	2014-09-19	View
JVNDB-2014-004991	IBM Security QRadar SIEM における平文の認証情報を取得される脆弱性	IBM Security QRadar SIEM は、セキュアな接続を実装していないため、平文の認証情報を取得される脆弱性が存在します。	CVE-2014-4825	4.3	http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004991.html	2014-10-08	2014-10-27	View
JVNDB-2014-004280	IBM Security QRadar SIEM における SQL インジェクションの脆弱性	IBM Security QRadar SIEM には、SQL インジェクションの脆弱性が存在します。	CVE-2014-4824	6.5	http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004280.html	2014-09-15	2014-09-19	View

Page 3109 of 13768, showing 5 records out of 68839 total, starting on record 15541, ending on 15545

<<first <prev 3105 | 3106 | 3107 | 3108 | 3109 | 3110 | 3111 | 3112 | 3113 next> last>>

Actions

List NVD

History
+
Request History
4 previous requests available
====
Session
+
Session
- 0(null)
====
Request
+
Request

Cake Params
- plugin(null)
- controllerjvninfos
- actionindex
- named(array)
  page3109
  sortcveinfo_id
  directiondesc
- pass(empty)
- paging(array)
  Jvninfo(array)
  page3109
  current5
  count68839
  prevPage(true)
  nextPage(true)
  pageCount13768
  order(array)
  Jvninfo.cveinfo_iddesc
  limit5
  options(array)
  page3109
  order(array)
  Jvninfo.cveinfo_iddesc
  sortcveinfo_id
  directiondesc
  conditions(empty)
  paramTypenamed
Post data

No post data.

Query string

No querystring data.

Cookie

To view Cookies, add CookieComponent to Controller

Current Route
- keys(array)
  0controller
  1action
- options(array)
  defaultRoute(true)
- defaults(array)
  plugin(null)
- template/:controller/:action/*
====
Sql Log
+

Sql Logs

default
No query logs.

====

Timer

+

Memory

Peak Memory Use 4.20 MB

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.29 MB
View render complete	2.79 MB

Timers

Total Request Time: 214 (ms)

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	3.78
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	191.99
Event: Controller.beforeRender	5.65
» Processing toolbar data	5.55
Rendering View	7.31
» Event: View.beforeRender	0.03
» Rendering APP/View/Jvninfos/index.ctp	6.09
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.79
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.08
Event: View.afterLayout	0.00

====

Log
+

Logs

There were no log entries made this request

====
Variables
+
View Variables
- jvninfos(array)
  0(array)
  Jvninfo(array)
  id16118
  nameJVNDB-2014-004993
  titleIBM Security QRadar SIEM におけるクリックジャッキング攻撃を実行される脆弱性
  summaryIBM Security QRadar SIEM には、クリックジャッキング攻撃を実行される脆弱性が存在します。
  cveinfo_nameCVE-2014-4828
  cveinfo_id72117
  nvdinfo_nameCVE-2014-4828
  nvdinfo_id32733
  cvssv24.3
  cvssv3(null)
  jvnurlhttp://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004993.html
  published_date2014-10-08
  registered_date2014-10-27
  last_updated_date2014-10-27
  deleted(null)
  created0000-00-00 00:00:00
  modified(null)
  Cveinfo(array)
  id72117
  nameCVE-2014-4820
  statusCandidate
  descriptionCross-site scripting (XSS) vulnerability in IBM Integration Bus Manufacturing Pack 1.x before 1.0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
  phaseAssigned (20140709)
  votesNone (candidate not yet proposed)
  comments(null)
  deleted(null)
  created0000-00-00 00:00:00
  modified0000-00-00 00:00:00
  Nvdinfo(array)
  id32733
  nameCVE-2014-4828
  descriptionIBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request.
  reject(null)
  CVSS_version2
  CVSS_score4.3
  severityMedium
  CVSS_base_score4.3
  CVSS_impact_subscore2.9
  CVSS_exploit_subscore8.6
  nvd_xml_version(null)
  CVSS_vector(AV:N/AC:M/Au:N/C:N/I:P/A:N)
  sourcecve
  pub_date2017-01-19
  published2014-10-18
  modified_date2014-10-22
  typeCVE
  seq2014-4828
  deleted(null)
  created(null)
  modified(null)
  1(array)
  Jvninfo(array)
  id16117
  nameJVNDB-2014-004992
  titleIBM Security QRadar SIEM におけるクロスサイトスクリプティングの脆弱性
  summaryIBM Security QRadar SIEM には、クロスサイトスクリプティングの脆弱性が存在します。
  cveinfo_nameCVE-2014-4827
  cveinfo_id72116
  nvdinfo_nameCVE-2014-4827
  nvdinfo_id32732
  cvssv24.3
  cvssv3(null)
  jvnurlhttp://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004992.html
  published_date2014-10-08
  registered_date2014-10-27
  last_updated_date2014-10-27
  deleted(null)
  created0000-00-00 00:00:00
  modified(null)
  Cveinfo(array)
  id72116
  nameCVE-2014-4819
  statusCandidate
  descriptionThe web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the error page.
  phaseAssigned (20140709)
  votesNone (candidate not yet proposed)
  comments(null)
  deleted(null)
  created0000-00-00 00:00:00
  modified0000-00-00 00:00:00
  Nvdinfo(array)
  id32732
  nameCVE-2014-4827
  descriptionCross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
  reject(null)
  CVSS_version2
  CVSS_score4.3
  severityMedium
  CVSS_base_score4.3
  CVSS_impact_subscore2.9
  CVSS_exploit_subscore8.6
  nvd_xml_version(null)
  CVSS_vector(AV:N/AC:M/Au:N/C:N/I:P/A:N)
  sourcecve
  pub_date2017-01-19
  published2014-10-18
  modified_date2014-10-23
  typeCVE
  seq2014-4827
  deleted(null)
  created(null)
  modified(null)
  2(array)
  Jvninfo(array)
  id15406
  nameJVNDB-2014-004281
  titleIBM Security QRadar SIEM における重要な平文情報を取得される脆弱性
  summaryIBM Security QRadar SIEM は、SSH 接続を適切に処理しないため、重要な平文情報を取得される脆弱性が存在します。
  cveinfo_nameCVE-2014-4826
  cveinfo_id72115
  nvdinfo_nameCVE-2014-4826
  nvdinfo_id32731
  cvssv24.3
  cvssv3(null)
  jvnurlhttp://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004281.html
  published_date2014-09-15
  registered_date2014-09-19
  last_updated_date2014-09-19
  deleted(null)
  created0000-00-00 00:00:00
  modified(null)
  Cveinfo(array)
  id72115
  nameCVE-2014-4818
  statusCandidate
  descriptiondsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecified vectors.
  phaseAssigned (20140709)
  votesNone (candidate not yet proposed)
  comments(null)
  deleted(null)
  created0000-00-00 00:00:00
  modified0000-00-00 00:00:00
  Nvdinfo(array)
  id32731
  nameCVE-2014-4826
  descriptionIBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not properly handle SSH connections, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
  reject(null)
  CVSS_version2
  CVSS_score4.3
  severityMedium
  CVSS_base_score4.3
  CVSS_impact_subscore2.9
  CVSS_exploit_subscore8.6
  nvd_xml_version(null)
  CVSS_vector(AV:N/AC:M/Au:N/C:P/I:N/A:N)
  sourcecve
  pub_date2017-01-19
  published2014-09-18
  modified_date2017-01-06
  typeCVE
  seq2014-4826
  deleted(null)
  created(null)
  modified(null)
  3(array)
  Jvninfo(array)
  id16116
  nameJVNDB-2014-004991
  titleIBM Security QRadar SIEM における平文の認証情報を取得される脆弱性
  summaryIBM Security QRadar SIEM は、セキュアな接続を実装していないため、平文の認証情報を取得される脆弱性が存在します。
  cveinfo_nameCVE-2014-4825
  cveinfo_id72114
  nvdinfo_nameCVE-2014-4825
  nvdinfo_id32730
  cvssv24.3
  cvssv3(null)
  jvnurlhttp://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004991.html
  published_date2014-10-08
  registered_date2014-10-27
  last_updated_date2014-10-27
  deleted(null)
  created0000-00-00 00:00:00
  modified(null)
  Cveinfo(array)
  id72114
  nameCVE-2014-4817
  statusCandidate
  descriptionThe server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename.
  phaseAssigned (20140709)
  votesNone (candidate not yet proposed)
  comments(null)
  deleted(null)
  created0000-00-00 00:00:00
  modified0000-00-00 00:00:00
  Nvdinfo(array)
  id32730
  nameCVE-2014-4825
  descriptionIBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connections, which allows man-in-the-middle attackers to discover cleartext credentials via unspecified vectors.
  reject(null)
  CVSS_version2
  CVSS_score4.3
  severityMedium
  CVSS_base_score4.3
  CVSS_impact_subscore2.9
  CVSS_exploit_subscore8.6
  nvd_xml_version(null)
  CVSS_vector(AV:N/AC:M/Au:N/C:P/I:N/A:N)
  sourcecve
  pub_date2017-01-19
  published2014-10-18
  modified_date2014-10-23
  typeCVE
  seq2014-4825
  deleted(null)
  created(null)
  modified(null)
  4(array)
  Jvninfo(array)
  id15405
  nameJVNDB-2014-004280
  titleIBM Security QRadar SIEM における SQL インジェクションの脆弱性
  summaryIBM Security QRadar SIEM には、SQL インジェクションの脆弱性が存在します。
  cveinfo_nameCVE-2014-4824
  cveinfo_id72113
  nvdinfo_nameCVE-2014-4824
  nvdinfo_id32729
  cvssv26.5
  cvssv3(null)
  jvnurlhttp://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004280.html
  published_date2014-09-15
  registered_date2014-09-19
  last_updated_date2014-09-19
  deleted(null)
  created0000-00-00 00:00:00
  modified(null)
  Cveinfo(array)
  id72113
  nameCVE-2014-4816
  statusCandidate
  descriptionCross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
  phaseAssigned (20140709)
  votesNone (candidate not yet proposed)
  comments(null)
  deleted(null)
  created0000-00-00 00:00:00
  modified0000-00-00 00:00:00
  Nvdinfo(array)
  id32729
  nameCVE-2014-4824
  descriptionSQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
  reject(null)
  CVSS_version2
  CVSS_score6.5
  severityMedium
  CVSS_base_score6.5
  CVSS_impact_subscore6.4
  CVSS_exploit_subscore8
  nvd_xml_version(null)
  CVSS_vector(AV:N/AC:L/Au:S/C:P/I:P/A:P)
  sourcecve
  pub_date2017-01-19
  published2014-09-18
  modified_date2017-01-06
  typeCVE
  seq2014-4824
  deleted(null)
  created(null)
  modified(null)
- $request->data(empty)
- $this->validationErrors(array)
  Jvninfo(empty)
  Cveinfo(empty)
  Nvdinfo(empty)
- Loaded Helpers(array)
  0Number
  1SimpleGraph
  2Paginator
  3DebugTimer
  4Toolbar
  5Html
  6Text
  7Form
  8Session
  9HtmlToolbar
====

+

App Constants

No application environment available.

CakePHP Constants

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

PHP Environment

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/jvninfos/index/page:3109/sort:cveinfo_id/direction:desc
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/jvninfos/index/page:3109/sort:cveinfo_id/direction:desc
Remote Port	4840
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.154
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.14.45
Http Via	1.1 squid-proxy-5b5d847c96-mw4wx (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.154
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.154
Unique Id	aJUmmRzKchGjMMGwxP58RAAAACM
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.154
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.154
Redirect Unique Id	aJUmmRzKchGjMMGwxP58RAAAACM
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.154
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.154
Redirect Redirect Unique Id	aJUmmRzKchGjMMGwxP58RAAAACM
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1754605209.9028
Request Time	1754605209

====

Include
+
Included Files

Include Paths
- 0/virtual/inogo77/public_html/jvn/lib
- 2/opt/remi/php56/root/usr/share/pear
- 3/opt/remi/php56/root/usr/share/php
- 4/usr/share/pear
- 5/usr/share/php
- 6-> /virtual/inogo77/public_html/jvn/lib/Cake/
Included Files
- core(array)
  Cache(array)
  0CORE/Cache/Cache.php
  1CORE/Cache/Engine/FileEngine.php
  2CORE/Cache/CacheEngine.php
  Component(array)
  0CORE/Controller/Component/SessionComponent.php
  1CORE/Controller/Component/PaginatorComponent.php
  Config(array)
  0CORE/Config/routes.php
  1CORE/Config/config.php
  Controller(array)
  0CORE/Controller/Controller.php
  1CORE/Controller/ComponentCollection.php
  2CORE/Controller/Component.php
  Datasource(array)
  0CORE/Model/Datasource/CakeSession.php
  1CORE/Model/Datasource/Database/Mysql.php
  2CORE/Model/Datasource/DboSource.php
  3CORE/Model/Datasource/DataSource.php
  Error(array)
  0CORE/Error/exceptions.php
  1CORE/Error/ErrorHandler.php
  I18n(array)
  0CORE/I18n/I18n.php
  1CORE/I18n/L10n.php
  Log(array)
  0CORE/Log/CakeLog.php
  1CORE/Log/LogEngineCollection.php
  2CORE/Log/Engine/FileLog.php
  3CORE/Log/Engine/BaseLog.php
  4CORE/Log/CakeLogInterface.php
  Model(array)
  0CORE/Model/Model.php
  1CORE/Model/BehaviorCollection.php
  2CORE/Model/ConnectionManager.php
  Network(array)
  0CORE/Network/CakeRequest.php
  1CORE/Network/CakeResponse.php
  Other(array)
  0CORE/bootstrap.php
  1CORE/basics.php
  2CORE/Core/App.php
  3CORE/Core/Configure.php
  4CORE/Core/CakePlugin.php
  5CORE/Event/CakeEventListener.php
  6CORE/Event/CakeEvent.php
  7CORE/Event/CakeEventManager.php
  8CORE/Core/Object.php
  Routing(array)
  0CORE/Routing/Dispatcher.php
  1CORE/Routing/Filter/AssetDispatcher.php
  2CORE/Routing/DispatcherFilter.php
  3CORE/Routing/Filter/CacheDispatcher.php
  4CORE/Routing/Router.php
  5CORE/Routing/Route/CakeRoute.php
  6CORE/Routing/Route/PluginShortRoute.php
  Utility(array)
  0CORE/Utility/Hash.php
  1CORE/Utility/Inflector.php
  2CORE/Utility/ObjectCollection.php
  3CORE/Utility/Debugger.php
  4CORE/Utility/String.php
  5CORE/Utility/ClassRegistry.php
  View(array)
  0CORE/View/HelperCollection.php
- app(array)
  Component(array)
  0APP/Controller/Component/CommonComponent.php
  Config(array)
  0APP/Config/core.php
  1APP/Config/bootstrap.php
  2APP/Config/routes.php
  3APP/Config/database.php
  Controller(array)
  0APP/Controller/JvninfosController.php
  1APP/Controller/AppController.php
  Model(array)
  0APP/Model/Jvninfo.php
  1APP/Model/AppModel.php
  2APP/Model/Cveinfo.php
  3APP/Model/Nvdinfo.php
  Other(array)
  0APP/webroot/index.php
- plugins(array)
  DebugKit(array)
  Component(array)
  0DebugKit/Controller/Component/ToolbarComponent.php
  Other(array)
  0DebugKit/Lib/DebugMemory.php
  1DebugKit/Lib/Panel/HistoryPanel.php
  2DebugKit/Lib/DebugPanel.php
  3DebugKit/Lib/Panel/SessionPanel.php
  4DebugKit/Lib/Panel/RequestPanel.php
  5DebugKit/Lib/Panel/SqlLogPanel.php
  6DebugKit/Lib/Panel/TimerPanel.php
  7DebugKit/Lib/Panel/LogPanel.php
  8DebugKit/Lib/Panel/VariablesPanel.php
  9DebugKit/Lib/Panel/EnvironmentPanel.php
  10DebugKit/Lib/Panel/IncludePanel.php
  11DebugKit/Lib/DebugTimer.php
  Log(array)
  0DebugKit/Lib/Log/Engine/DebugKitLog.php
====