Andrea Scaduto

**Name of the Vulnerable Software and Affected Versions** IBM Spectrum Symphony versions 7.1.2 through 7.2.0.2 **Description** The issue allows an authenticated user to obtain sensitive user information, such as passwords, through the WebUI. **Recommendations** For versions 7.1.2 and 7.2.0.2, consider restricting access to the WebUI to minimize the risk of exploitation until a fix is available.

**Name of the Vulnerable Software and Affected Versions** IBM Platform Symphony versions 7.1 Fix Pack 1 through 7.1.1 IBM Spectrum Symphony versions 7.1.2 through 7.2.0.2 **Description** The issue allows a remote attacker to conduct phishing attacks using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, the attacker could exploit this to spoof the URL displayed, redirecting a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. **Recommendations** For IBM Platform Symphony versions 7.1 Fix Pack 1 through 7.1.1, update to a version that includes the fix for this issue. For IBM Spectrum Symphony versions 7.1.2 through 7.2.0.2, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Platform Symphony versions 7.1 Fix Pack 1 through 7.1.1 IBM Spectrum Symphony versions 7.1.2 through 7.2.0.2 **Description** The issue is an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information. **Recommendations** For IBM Platform Symphony versions 7.1 Fix Pack 1 through 7.1.1, update to a version that contains the fix for this issue. For IBM Spectrum Symphony versions 7.1.2 through 7.2.0.2, update to a version that contains the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM Spectrum Symphony and Platform Symphony versions 7.1.2 through 7.2.0.2 **Description** The issue allows an authenticated user to execute arbitrary commands due to improper handling of user-supplied input. **Recommendations** For versions 7.1.2 through 7.2.0.2, update to a version that properly handles user-supplied input to prevent arbitrary command execution.