Page 2 of 12 results (0.004 seconds)

CVSS: 3.5EPSS: 0%CPEs: 21EXPL: 0

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL. IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 hasta 7.2.0.10, 7.2.1.0 hasta 7.2.1.6, y 7.2.2.0 hasta 7.2.2.2 no requiere la autenticación TADDM para las descargas rptdesign, lo que permite a usuarios remotos autenticados obtener información sensible de la base de datos a través de una URL manipulada. • http://secunia.com/advisories/61785 http://www-01.ibm.com/support/docview.wss?uid=swg21688549 http://www.securityfocus.com/bid/70842 https://exchange.xforce.ibmcloud.com/vulnerabilities/96918 • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 0%CPEs: 21EXPL: 0

Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en BIRT-viewer en IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 hasta 7.2.0.10, 7.2.1.0 hasta 7.2.1.6, y 7.2.2.0 hasta 7.2.2.2 permite a usuarios remotos autenticados leer ficheros arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21688296 http://www.securityfocus.com/bid/70805 https://exchange.xforce.ibmcloud.com/vulnerabilities/96919 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 3.5EPSS: 0%CPEs: 25EXPL: 0

Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en BIRT-Report Viewer en IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x y 7.2.x anterior a 7.2.1.5 permite a usuarios remotos autenticados leer ficheros arbitrarios a través de vectores no especificados a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21672395 http://www.securityfocus.com/bid/68452 https://exchange.xforce.ibmcloud.com/vulnerabilities/84145 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration privileges, and consequently create or delete reports or conduct SQL injection attacks, via crafted parameters to the BIRT reporting URL. El visor BIRT de IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x anterior a la versión 7.2.1.5 permite a usuarios remotos autenticados evadir las comprobaciones de autorización y obtener privilegios de report-administration, y consecuentemente crear o eliminar reportes o llevar a cabo ataques de inyección de SQL, a través de parámetros manipulados hacia BIRT. • http://www.ibm.com/support/docview.wss?uid=swg21662955 https://exchange.xforce.ibmcloud.com/vulnerabilities/83877 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la interfaz de administración de Data Portal Web del usuario en IBM Tivoli Application Dependency Discovery Manager (TADDM) v7.2.x antes de v7.2.1.4 que permite a usuarios remotos autenticados inyectar contenido, y llevar a cabo ataques de phishing, a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391 http://www-01.ibm.com/support/docview.wss?uid=swg21625935 https://exchange.xforce.ibmcloud.com/vulnerabilities/80537 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •