CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0CVE-2017-1758
https://notcve.org/view.php?id=CVE-2017-1758
IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 135859. IBM Financial Transaction Manager para ACH Services Multi-Platform (IBM Control Center 6.0 y 6.1; IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4 y 3.1.0; IBM Transformation Extender Advanced 9.0) es vulnerable a un ataque de XEE (XML External Entity) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • http://www.ibm.com/support/docview.wss?uid=swg22012828 http://www.ibm.com/support/docview.wss?uid=swg22013375 http://www.ibm.com/support/docview.wss?uid=swg22013432 http://www.securityfocus.com/bid/103130 https://exchange.xforce.ibmcloud.com/vulnerabilities/135859 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2016-8941
https://notcve.org/view.php?id=CVE-2016-8941
IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Tivoli Storage Productivity Center es vulnerable a la falsificación de solicitudes de sitios cruzados que podrían permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía el sitio web. • http://www.ibm.com/support/docview.wss?uid=swg21995128 http://www.securityfocus.com/bid/94914 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.5EPSS: 0%CPEs: 18EXPL: 0CVE-2016-8942
https://notcve.org/view.php?id=CVE-2016-8942
IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server. IBM Tivoli Storage Productivity Center podría permitir a un usuario autenticado con un conocimiento íntimo del sistema editar un conjunto limitado de propiedades en el servidor. • http://www.ibm.com/support/docview.wss?uid=swg21995128 http://www.securityfocus.com/bid/94916 • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 0CVE-2016-8943
https://notcve.org/view.php?id=CVE-2016-8943
IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Tivoli Storage Productivity Center es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21995128 http://www.securityfocus.com/bid/94917 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 16EXPL: 0CVE-2016-5944
https://notcve.org/view.php?id=CVE-2016-5944
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string. Vulnerabilidad de XSS en la Web UI en IBM Spectrum Control (anteriormente Tivoli Storage Productivity Center) 5.2.x en versiones anteriores a 5.2.11 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una cadena embebida. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT16944 http://www-01.ibm.com/support/docview.wss?uid=swg21988625 http://www.securityfocus.com/bid/93087 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •