
CVSS: 4.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors.

• http://www-01.ibm.com/support/docview.wss?uid=swg21648481
• https://exchange.xforce.ibmcloud.com/vulnerabilities/86585
• CWE-287: Improper Authentication

CVSS: 6.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof Jazz Team servers, obtain sensitive information, and modify the client-server data stream via a crafted certificate.

• http://www-01.ibm.com/support/docview.wss?uid=swg21648481
• https://exchange.xforce.ibmcloud.com/vulnerabilities/86586
• CWE-310: Cryptographic Issues