CVE-2012-2173
https://notcve.org/view.php?id=CVE-2012-2173
The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network.
• http://www.ibm.com/support/docview.wss?uid=swg21598423
• https://exchange.xforce.ibmcloud.com/vulnerabilities/75242
• CWE-255: Credentials Management Errors
CVE-2012-2161
https://notcve.org/view.php?id=CVE-2012-2161
Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
• http://www.ibm.com/support/docview.wss?uid=swg21596690
• http://www.ibm.com/support/docview.wss?uid=swg21598423
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74833
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-2159
https://notcve.org/view.php?id=CVE-2012-2159
Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
• http://www.ibm.com/support/docview.wss?uid=swg21596690
• http://www.ibm.com/support/docview.wss?uid=swg21598423
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74832
• CWE-20: Improper Input Validation