CVE-2013-3017
https://notcve.org/view.php?id=CVE-2013-3017
IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353. IBM Tivoli Application Dependency Discovery Manager (TADDM) en versiones anteriores a la 7.2.1.5 y 7.2.x anteriores a la 7.2.2 facilita que los atacantes remotos sorteen los mecanismo de protección criptográfica aprovechando que soporta cifrados SSL débiles. IBM X-Force ID: 84353. • https://exchange.xforce.ibmcloud.com/vulnerabilities/84353 https://www.ibm.com/blogs/psirt/ibm-security-bulletin-taddm-reject-weak-and-medium-ciphers-on-taddm-ports • CWE-310: Cryptographic Issues •
CVE-2013-3023
https://notcve.org/view.php?id=CVE-2013-3023
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361. IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 y de la versión 7.2.0 a la 7.2.1.4 podría permitir que atacantes remotos obtengan información sensible sobre credenciales Tomcat rastreando la web en busca de una sesión en la que se emplee HTTP. IBM X-Force ID: 84361. • http://www-01.ibm.com/support/docview.wss?uid=swg21672388 https://exchange.xforce.ibmcloud.com/vulnerabilities/84361 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-3018
https://notcve.org/view.php?id=CVE-2013-3018
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354. La aplicación web AXIS en deploy-tomcat/axis en IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 y de la versión 7.2.0 a la 7.2.1.4 permite que atacantes remotos obtengan información sensible de configuración mediante una petición directa, tal y como queda demostrado con happyaxis.jsp. IBM X-Force ID: 84354. • http://www-01.ibm.com/support/docview.wss?uid=swg21672403 https://exchange.xforce.ibmcloud.com/vulnerabilities/84354 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-4040
https://notcve.org/view.php?id=CVE-2013-4040
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176. IBM Tivoli Application Dependency Discovery Manager (TADDM) en versiones 7.1.2.x anteriores a la 7.2.1.5 y versiones 7.2.x anteriores a la 7.2.2.0 en Unix emplea permisos débiles (755) para archivos de configuración y de registro sin especificar, lo que permite que usuarios locales obtengan información sensible leyendo los archivos. IBM X-Force ID: 86176. • https://exchange.xforce.ibmcloud.com/vulnerabilities/86176 https://www-01.ibm.com/support/docview.wss?uid=swg21672253 • CWE-275: Permission Issues •
CVE-2016-8927
https://notcve.org/view.php?id=CVE-2016-8927
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540. IBM Tivoli Application Dependency Discovery Manager 7.2.2 y 7.3 es vulnerable a las secuencias de comandos entre sitios. Esta vulnerabilidad permite a los usuarios integrar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E http://www.securityfocus.com/bid/97629 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •