CVE-2014-6147
https://notcve.org/view.php?id=CVE-2014-6147
IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, and 1.3.2.0 allows local users to obtain sensitive information, and consequently gain privileges or conduct impersonation attacks, via unspecified vectors. IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, y 1.3.2.0 permite a usuarios locales obtener información sensible, y como consecuencia ganar privilegios o realizar ataques de la suplantación de identidad, a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT05310 http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097120 https://exchange.xforce.ibmcloud.com/vulnerabilities/96917 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-0897
https://notcve.org/view.php?id=CVE-2014-0897
The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection mechanisms via unspecified vectors. El componente Configuration Patterns en IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, y 1.3.1.x utiliza un algoritmo débil en un paso de la codificación durante la creación de una cuenta Chassis Management Module (CMM), lo que facilita a usuarios remotos autenticados vencer los mecanismos de protección criptográficos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT03824 http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096153 https://exchange.xforce.ibmcloud.com/vulnerabilities/91395 • CWE-310: Cryptographic Issues •
CVE-2013-5423
https://notcve.org/view.php?id=CVE-2013-5423
IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows remote attackers to enumerate user accounts via unspecified vectors. IBM Flex System Manager (FSM) 1.1 hasta 1.3 anterior a 1.3.2.0 permite a atacantes remotos enumerar cuentas de usuarios a través de vectores no especificados. • http://secunia.com/advisories/58948 http://www-01.ibm.com/support/docview.wss?uid=swg1IT00278 http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095891 http://www.securityfocus.com/bid/68370 https://exchange.xforce.ibmcloud.com/vulnerabilities/87485 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-5438
https://notcve.org/view.php?id=CVE-2013-5438
Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en el servidor web de IBM Flex System Manager (FSM) 1.1.0 hasta 1.3 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través de vectores no especificados. • http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_flex_system_manager_web_server_allows_generic_xss_cve_2013_5438 http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5094212 https://exchange.xforce.ibmcloud.com/vulnerabilities/87753 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-5424
https://notcve.org/view.php?id=CVE-2013-5424
IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account. IBM Flex System Manager (FSM) 1.3.0 permite a atacantes remotos evitar las restricciones de acceso previstos, y crear nuevas cuentas de usuario o ejecutar tareas, mediante el aprovechamiento de una contraseña caducada para la cuenta de nivel de sistema. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC96952 http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093938 https://exchange.xforce.ibmcloud.com/vulnerabilities/87486 • CWE-264: Permissions, Privileges, and Access Controls •