CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-5461
https://notcve.org/view.php?id=CVE-2013-5461
IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309. IBM Endpoint Manager for Remote Control 9.0.0 y 9.0.1 y Tivoli Remote Control 5.1.2 almacenan múltiples hashes de contraseñas parciales, lo que facilita que atacantes remotos descifren contraseñas aprovechando el acceso a los hashes. IBM X-Force ID: 88309. • https://exchange.xforce.ibmcloud.com/vulnerabilities/88309 https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-ibm-endpoint-manager-for-remote-control-cve-2013-5461 https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-tivoli-remote-control-cve-2013-5461 • CWE-255: Credentials Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4952
https://notcve.org/view.php?id=CVE-2015-4952
The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 and 9.1.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. IBM X-Force ID: 105196. El plugin on-demand en IBM Endpoint Manager for Remote Control 9.0.1 y 9.1.0 permite que atacantes remotos ayudados por el usuario ejecuten código arbitrario mediante vectores sin especificar. IBM X-Force ID: 105196. • http://www-01.ibm.com/support/docview.wss?uid=swg21962602 •