CVSS: 3.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-6150
https://notcve.org/view.php?id=CVE-2014-6150
Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 hasta 7.2.1.6 y 7.2.2.0 hasta 7.2.2.2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/61785 http://www-01.ibm.com/support/docview.wss?uid=swg21688424 https://exchange.xforce.ibmcloud.com/vulnerabilities/96920 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 21EXPL: 0CVE-2014-6149
https://notcve.org/view.php?id=CVE-2014-6149
Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en BIRT-viewer en IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 hasta 7.2.0.10, 7.2.1.0 hasta 7.2.1.6, y 7.2.2.0 hasta 7.2.2.2 permite a usuarios remotos autenticados leer ficheros arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21688296 http://www.securityfocus.com/bid/70805 https://exchange.xforce.ibmcloud.com/vulnerabilities/96919 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.5EPSS: 0%CPEs: 25EXPL: 0CVE-2013-3004
https://notcve.org/view.php?id=CVE-2013-3004
Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en BIRT-Report Viewer en IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x y 7.2.x anterior a 7.2.1.5 permite a usuarios remotos autenticados leer ficheros arbitrarios a través de vectores no especificados a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21672395 http://www.securityfocus.com/bid/68452 https://exchange.xforce.ibmcloud.com/vulnerabilities/84145 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5939
https://notcve.org/view.php?id=CVE-2012-5939
Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en welcome.do en el Data Management Portal Web User Interface en IBM Tivoli Application Dependency Discovery Manager (TADDM) v7.2.x anterior a v7.2.1.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL especialmente diseñada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391 http://www-01.ibm.com/support/docview.wss?uid=swg21625935 https://exchange.xforce.ibmcloud.com/vulnerabilities/80494 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5770
https://notcve.org/view.php?id=CVE-2012-5770
The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack. La configuración SSL en IBM Tivoli Application Dependency Discovery Manager (TADDM) v7.2.x anterior a v7.2.1.4 soporta el algoritmo de HASH MD5, lo que hace sencillo para atacantes de hombre en medio (man-in-the-middle) falsificar servidores y descifrar tráfico mediante ataques por fuerza-bruta. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391 http://www-01.ibm.com/support/docview.wss?uid=swg21626029 https://exchange.xforce.ibmcloud.com/vulnerabilities/80354 • CWE-16: Configuration •