06 May 2022 — This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098006 • CWE-345: Insufficient Verification of Data Authenticity • CWE-352: Cross-Site Request Forgery (CSRF)

06 May 2022 — There is a security vulnerability in the login form related to Cross-Site Request Forgery: an attacker can spam login attempts until the system locks the victim's account, which prevents the user from logging in. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098006 • CWE-352: Cross-Site Request Forgery (CSRF)

13 Jul 2017 — IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. • http://www.ibm.com/support/docview.wss?uid=swg21995024 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-254: 7PK - Security Features

26 Apr 2017 — IBM BigFix Inventory 9.2 does not require that users have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851. • http://www.ibm.com/support/docview.wss?uid=swg21995031 • CWE-255: Credentials Management Errors

01 Feb 2017 — IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system. • http://www.ibm.com/support/docview.wss?uid=swg21995014 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

01 Feb 2017 — IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. • http://www.ibm.com/support/docview.wss?uid=swg21995029 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

01 Feb 2017 — IBM BigFix Inventory v9 9.2 stores user credentials in clear text, which can be read by a local user. • http://www.ibm.com/support/docview.wss?uid=swg21995019 • CWE-255: Credentials Management Errors

01 Feb 2017 — IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. • http://www.ibm.com/support/docview.wss?uid=swg21995023 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

01 Feb 2017 — IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. • http://www.ibm.com/support/docview.wss?uid=swg21995037 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

01 Feb 2017 — IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. • http://www.ibm.com/support/docview.wss?uid=swg21995013 • CWE-611: Improper Restriction of XML External Entity Reference