CVE-2016-9747
https://notcve.org/view.php?id=CVE-2016-9747
IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. RELM versiones 4.0, 5.0 y 6.0 de IBM, es vulnerable a un problema de tipo cross-site-scripting (XSS). Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando la funcionalidad deseada conllevando a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22004734 http://www.securityfocus.com/bid/99189 https://exchange.xforce.ibmcloud.com/vulnerabilities/119822 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-1099
https://notcve.org/view.php?id=CVE-2017-1099
IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659. Jazz Foundation de IBM, podría exponer información potencialmente confidencial a los usuarios autenticados por medio de condiciones de error de rastreo de pila. ID de IBM X-Force: 120659. • http://www.ibm.com/support/docview.wss?uid=swg22004534 https://exchange.xforce.ibmcloud.com/vulnerabilities/120659 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-9735
https://notcve.org/view.php?id=CVE-2016-9735
IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781, IBM Jazz Foundation podría permitir que un usuario autenticado obtenga información confidencial de las trazas de pila. IBM X-Force ID: 119781 • http://www.ibm.com/support/docview.wss?uid=swg22003064 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-9707
https://notcve.org/view.php?id=CVE-2016-9707
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784. IBM Jazz Foundation es vulnerable a una denegación de servicio, causada por un error de XML Entity Injection XXE XML al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente sensible o consumir todos los recursos de memoria disponibles. • http://www.securityfocus.com/bid/97171 https://www.ibm.com/support/docview.wss?uid=swg22000784 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2016-2987
https://notcve.org/view.php?id=CVE-2016-2987
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. Una vulnerabilidad no revelada en las aplicaciones CLM puede provocar que algunos parámetros de implementación administrativa se muestren a un atacante. • http://www.securityfocus.com/bid/95109 https://www.ibm.com/support/docview.wss?uid=swg21996097 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •