5 results (0.018 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110. IBM Tivoli Application Dependency Discovery Manager 7.2.2 y 7.3 podría exponer hashes de contraseña almacenados en la memoria del sistema en los sistemas objetivo que están configurados para emplear TADDM. IBM X-Force ID: 145110. • http://www.ibm.com/support/docview.wss?uid=ibm10742403 https://exchange.xforce.ibmcloud.com/vulnerabilities/145110 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029. IBM Tivoli Application Dependency Discovery Manager en sus versiones 7.2.2 y 7.3 es vulnerable a ataques Cross-Site Request Forgery (CSRF). Esto podría permitir que un atacante ejecute acciones maliciosas y no autorizadas transmitidas desde un usuario en el que la web confía. IBM X-Force ID: 11029. • http://www.securityfocus.com/bid/105135 https://exchange.xforce.ibmcloud.com/vulnerabilities/140090 https://www.ibm.com/support/docview.wss?uid=swg22016659 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539. IBM Tivoli Application Dependency Discovery Manager 7.2.2 y 7.3 podría permitir a un atacante remoto leer archivos del sistema o datos que estén restringidos a usuarios autorizados. IBM X-Force ID: 118539. • http://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540. IBM Tivoli Application Dependency Discovery Manager 7.2.2 y 7.3 es vulnerable a las secuencias de comandos entre sitios. Esta vulnerabilidad permite a los usuarios integrar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E http://www.securityfocus.com/bid/97629 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538. IBM Tivoli Application Dependency Discovery Manager 7.2.2 y 7.3 podrían permitir a un atacante remoto incluir archivos arbitrarios que podrían permitir al atacante leer cualquier archivo del sistema. IBM X-Force ID: 118538. • http://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E http://www.securityfocus.com/bid/97625 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •