CVE-2016-3040
https://notcve.org/view.php?id=CVE-2016-3040
IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de CSFR en IBM Connections 4.x hasta la versión 4.5 CR5, 5.0 en versiones anteriores a CR4 y 5.5 en versiones anteriores a CR1 permite a usuarios remotos autenticados secuestrar la autenticación de usuarios arbitrarios. • http://www-01.ibm.com/support/docview.wss?uid=swg21989205 http://www.securityfocus.com/bid/92986 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2016-5963
https://notcve.org/view.php?id=CVE-2016-5963
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors. IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x en versiones anteriores a 2.0.2 FP8 no valida correctamente actualizaciones, lo que permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21989205 http://www.securityfocus.com/bid/93076 • CWE-284: Improper Access Control •