
CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/84353 https://www.ibm.com/blogs/psirt/ibm-security-bulletin-taddm-reject-weak-and-medium-ciphers-on-taddm-ports
• CWE-310: Cryptographic Issues

CVSS: 8.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
• http://www-01.ibm.com/support/docview.wss?uid=swg21672388 https://exchange.xforce.ibmcloud.com/vulnerabilities/84361
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.
• http://www-01.ibm.com/support/docview.wss?uid=swg21672403 https://exchange.xforce.ibmcloud.com/vulnerabilities/84354
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix uses weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/86176 https://www-01.ibm.com/support/docview.wss?uid=swg21672253
• CWE-275: Permission Issues

CVSS: 3.5 | EPSS: 0% | CPEs: 21 | EXPL: 0

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL.
• http://secunia.com/advisories/61785 http://www-01.ibm.com/support/docview.wss?uid=swg21688549 http://www.securityfocus.com/bid/70842 https://exchange.xforce.ibmcloud.com/vulnerabilities/96918
• CWE-287: Improper Authentication