
CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 5

Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter.

• https://www.exploit-db.com/exploits/32908
• http://secunia.com/advisories/34646
• http://securitytracker.com/id?1022060
• http://www.insight-tech.org/index.php?p=IBM-Tivoli-Continuous-Data-Protection-for-Files-version-3-1-4-0---XSS
• http://www.osvdb.org/53651
• http://www.securityfocus.com/bid/34513
• http://www.vupen.com/english/advisories/2009/1021
• https://exchange.xforce.ibmcloud.com/vulnerabilities/49872

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 2.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients.

• http://secunia.com/advisories/27473
• http://www-1.ibm.com/support/docview.wss?uid=swg1IC54264
• http://www.securityfocus.com/bid/26293
• http://www.vupen.com/english/advisories/2007/3683
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38215

• CWE-264: Permissions, Privileges, and Access Controls