Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-3226 1 Denx 1 U-boot 2019-10-09 4.4 MEDIUM 6.4 MEDIUM
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypted disk image is processed. An attacker with physical access to the device can manipulate the encrypted environment data to include a crafted two-byte sequence which triggers an error in environment variable parsing. This error condition is improperly handled by Das U-Boot, resulting in an immediate process termination with a debugging message.
CVE-2017-2674 1 Redhat 1 Jboss Bpm Suite 2019-10-09 3.5 LOW 5.4 MEDIUM
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly sanitized before showing to other users, including admins.
CVE-2017-3180 1 Tibco 10 Silver Fabric Enabler For Spotfire Web Player, Spotfire Analyst, Spotfire Analytics Platform For Aws and 7 more 2019-10-09 3.5 LOW 5.4 MEDIUM
Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The products and versions that are affected include the following: TIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.2 and earlier TIBCO Spotfire Analyst 7.5.0 TIBCO Spotfire Analyst 7.6.0 TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Analytics Platform for AWS Marketplace 7.0.2 and earlier TIBCO Spotfire Automation Services 6.5.3 and earlier TIBCO Spotfire Automation Services 7.0.0, and 7.0.1 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 6.5.3 and earlier TIBCO Spotfire Deployment Kit 7.0.0, and 7.0.1 TIBCO Spotfire Deployment Kit 7.5.0 TIBCO Spotfire Deployment Kit 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 6.5.2 and earlier TIBCO Spotfire Desktop 7.0.0, and 7.0.1 TIBCO Spotfire Desktop 7.5.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.0.1 and earlier TIBCO Spotfire Desktop Language Packs 7.5.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 TIBCO Spotfire Professional 6.5.3 and earlier TIBCO Spotfire Professional 7.0.0 and 7.0.1 TIBCO Spotfire Web Player 6.5.3 and earlier TIBCO Spotfire Web Player 7.0.0 and 7.0.1
CVE-2017-3225 1 Denx 1 U-boot 2019-10-09 2.1 LOW 4.6 MEDIUM
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data. Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector. This allows an attacker to perform dictionary attacks on encrypted data produced by Das U-Boot to learn information about the encrypted data.
CVE-2017-2658 1 Redhat 2 Jboss Bpm Suite, Jboss Data Virtualization \& Services 2019-10-09 4.3 MEDIUM 6.5 MEDIUM
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).
CVE-2017-2661 1 Clusterlabs 1 Pcs 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.
CVE-2017-2662 1 Theforeman 1 Katello 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.
CVE-2017-2664 1 Redhat 2 Cloudforms, Cloudforms Management Engine 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.
CVE-2017-2666 2 Debian, Redhat 4 Debian Linux, Enterprise Linux, Jboss Enterprise Application Platform and 1 more 2019-10-09 6.4 MEDIUM 6.5 MEDIUM
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
CVE-2017-2668 2 Fedoraproject, Redhat 4 389 Directory Server, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-10-09 4.3 MEDIUM 6.5 MEDIUM
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.
CVE-2017-3182 1 Threatmetrix 1 Threatmetrix Sdk 2019-10-09 4.3 MEDIUM 6.8 MEDIUM
On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack. ThreatMetrix is a security library for mobile applications, which aims to provide fraud prevention and device identity capabilities. The ThreatMetrix SDK versions prior to 3.2 do not validate SSL certificates on the iOS platform. An affected application will communicate with https://h-sdk.online-metrix.net, regardless of whether the connection is secure or not. An attacker on the same network as or upstream from the iOS device may be able to view or modify ThreatMetrix network traffic that should have been protected by HTTPS.
CVE-2017-3967 1 Mcafee 1 Network Security Manager 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames.
CVE-2017-3966 1 Mcafee 1 Network Security Manager 2019-10-09 6.5 MEDIUM 6.3 MEDIUM
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL.
CVE-2017-3964 1 Mcafee 1 Network Security Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter.
CVE-2017-3850 1 Cisco 2 Ios, Ios Xe 2019-10-09 7.1 HIGH 5.9 MEDIUM
A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature. A device must meet two conditions to be affected by this vulnerability: (1) the device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured); and (2) the device must have a reachable IPv6 interface. An exploit could allow the attacker to cause the affected device to reload. Cisco Bug IDs: CSCvc42729.
CVE-2017-3188 1 Dotcms 1 Dotcms 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly checked, allowing for writing files to arbitrary directories on the file system. These archives may be uploaded directly via the administrator panel, or using the CSRF vulnerability (CVE-2017-3187). An unauthenticated remote attacker may perform actions with the dotCMS administrator panel with the same permissions of a victim user or execute arbitrary system commands with the permissions of the user running the dotCMS application.
CVE-2017-3135 4 Debian, Isc, Netapp and 1 more 10 Debian Linux, Bind, Data Ontap Edge and 7 more 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
CVE-2017-3140 2 Isc, Netapp 4 Bind, Data Ontap Edge, Element Software and 1 more 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
CVE-2017-3138 3 Debian, Isc, Netapp 5 Debian Linux, Bind, Data Ontap Edge and 2 more 2019-10-09 3.5 LOW 5.3 MEDIUM
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.
CVE-2017-2648 1 Jenkins 1 Ssh Slaves 2019-10-09 6.8 MEDIUM 5.6 MEDIUM
It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.
CVE-2017-2653 1 Redhat 2 Cloudforms, Cloudforms Management Engine 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection causing the routes to be used. This attack would require additional cross-site scripting or similar attacks in order to execute.
CVE-2017-3971 1 Mcafee 1 Network Security Manager 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers.
CVE-2017-3969 1 Mcafee 1 Network Security Manager 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL.
CVE-2017-3961 1 Mcafee 1 Network Security Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.
CVE-2017-4028 2 Mcafee, Microsoft 7 Anti-virus Plus, Endpoint Security, Host Intrusion Prevention and 4 more 2019-10-09 2.1 LOW 4.4 MEDIUM
Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.
CVE-2017-2638 2 Infinispan, Redhat 2 Infinispan, Jboss Data Grid 2019-10-09 6.4 MEDIUM 6.5 MEDIUM
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
CVE-2017-2654 1 Jenkins 1 Email Extension 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugins is able to send emails to a dynamically created list of users based on the changelogs, like authors of SCM changes since the last successful build. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in rare cases even people who were not involved in whatever project was being built, due to some mapping based on the local-part of email addresses.
CVE-2017-3215 1 Milwaukee 1 One-key 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. This bearer token, in combination with a user_id can be used to perform user actions.
CVE-2017-2625 2 Redhat, X.org 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2019-10-09 2.1 LOW 5.5 MEDIUM
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
CVE-2017-1115 1 Ibm 1 Campaign 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153.
CVE-2017-1317 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125729.
CVE-2017-1329 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231.
CVE-2017-1367 1 Ibm 1 Security Identity Governance And Intelligence 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126860.
CVE-2017-2629 1 Haxx 1 Curl 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server doesn't support the TLS extension in question. This could lead to users not detecting when a server's certificate goes invalid or otherwise be mislead that the server is in a better shape than it is in reality. This flaw also exists in the command line tool (--cert-status).
CVE-2017-2632 1 Redhat 2 Cloudforms, Cloudforms Management Engine 2019-10-09 4.0 MEDIUM 4.9 MEDIUM
A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges.
CVE-2017-2633 2 Qemu, Redhat 6 Qemu, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.
CVE-2017-2635 1 Redhat 1 Libvirt 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.
CVE-2017-1272 1 Ibm 1 Security Guardium 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 124747. IBM X-Force ID: 124747.
CVE-2017-1265 1 Ibm 1 Security Guardium 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) techniques. IBM X-Force ID: 124740.
CVE-2017-1729 1 Ibm 1 Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134909.
CVE-2017-1368 1 Ibm 1 Security Identity Governance And Intelligence 2019-10-09 4.3 MEDIUM 6.5 MEDIUM
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 126861.
CVE-2017-1732 1 Ibm 1 Security Access Manager For Enterprise Single Sign-on 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 134913.
CVE-2017-1250 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force 124630.
CVE-2017-1248 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124628.
CVE-2017-1242 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524.
CVE-2017-1747 1 Ibm 1 Websphere Mq 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520.
CVE-2017-1748 1 Ibm 1 Connections 2019-10-09 5.8 MEDIUM 6.1 MEDIUM
IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 135521.
CVE-2017-1412 1 Ibm 1 Security Identity Governance And Intelligence 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 127400.
CVE-2017-1239 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357.
CVE-2017-1238 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124356.