CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8961
https://notcve.org/view.php?id=CVE-2016-8961
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM BigFix Inventory v9 podría permitir a un atacante remoto realizar ataques de phishing, utilizando un ataque de redirección abierto. Persuadiendo a una víctima para que visite una web especialmente manipulada, un atacante remoto podría explotar esta vulnerabilidad para falsificar la URL mostrada para redirigir a un usuario a un sitio web malicioso que parecería ser de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21995037 http://www.securityfocus.com/bid/95128 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8981
https://notcve.org/view.php?id=CVE-2016-8981
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. IBM BigFix Inventory v9 permite que las páginas web se almacenen localmente de forma que puedan ser leídas por otro usuario en el sistema. • http://www.ibm.com/support/docview.wss?uid=swg21994932 http://www.securityfocus.com/bid/95137 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8980
https://notcve.org/view.php?id=CVE-2016-8980
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM BigFix Inventory v9 es vulnerable a una denegación de servicio, provocada por un error XML Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente sensible o consumir todos los recursos de memoria disponibles. • http://www.ibm.com/support/docview.wss?uid=swg21995013 http://www.securityfocus.com/bid/95141 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8966
https://notcve.org/view.php?id=CVE-2016-8966
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM BigFix Inventory v9 podría permitir a un atacante remoto obtener información sensible, causado por el error para habilitar correctamente HTTP Strict Transport Security. Un atacante podría explotar esta vulnerabilidad para obtener información sensible utilizando técnicas man-in-the-middle. • http://www.ibm.com/support/docview.wss?uid=swg21995023 http://www.securityfocus.com/bid/95138 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-4929
https://notcve.org/view.php?id=CVE-2015-4929
IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request. IBM License Metric Tool 9 en versiones anteriores a 9.2.1.0 y Endpoint Manager para Software Use Analysis 9 en versiones anteriores a 9.2.1.0 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y obtener información sensible a través de una petición API REST. • http://www-01.ibm.com/support/docview.wss?uid=swg21966169 http://www.securitytracker.com/id/1033758 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •