CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1181
https://notcve.org/view.php?id=CVE-2017-1181
IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487. IBM Tivoli Monitoring Portal V6 permite a un atacante local escalar privilegios para IBM Tivoli Monitoring, causando que la conexión por defecto de la consola no sea encriptada. IBM X-Force ID: 123487. • http://www.ibm.com/support/docview.wss?uid=swg22003402 http://www.securityfocus.com/bid/99596 http://www.securitytracker.com/id/1038913 https://exchange.xforce.ibmcloud.com/vulnerabilities/123487 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1183
https://notcve.org/view.php?id=CVE-2017-1183
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494. IBM Tivoli Monitoring Portal v6 permite a un atacante local o de una red adyacente modificar comando SQL al Portal Server, cuando las comunicaciones por defecto entre el cliente y el servidor HTTP están siendo usadas. IBM X-Force ID: 123494. • http://www.ibm.com/support/docview.wss?uid=swg22003402 http://www.securityfocus.com/bid/99610 http://www.securitytracker.com/id/1038913 https://exchange.xforce.ibmcloud.com/vulnerabilities/123494 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1182
https://notcve.org/view.php?id=CVE-2017-1182
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493. IBM Tivoli Monitoring Portal v6 permite a un atacante local o de una red adyacente ejecutar comando aleatorios en el sistema, cuando las comunicaciones por defecto entre el cliente y el servidor HTTP están siendo usadas. IBM X-Force ID: 123494. • http://www.ibm.com/support/docview.wss?uid=swg22003402 http://www.securitytracker.com/id/1038913 https://exchange.xforce.ibmcloud.com/vulnerabilities/123493 •
CVSS: 5.3EPSS: 0%CPEs: 26EXPL: 0CVE-2016-6083
https://notcve.org/view.php?id=CVE-2016-6083
IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696. IBM Tivoli Monitoring V6 podría permitir a un usuario no autenticado acceder a consultas SOAP que podrían contener información confidencial. IBM X-Force ID: 117696. • http://www.ibm.com/support/docview.wss?uid=swg22000909 http://www.securityfocus.com/bid/99259 https://exchange.xforce.ibmcloud.com/vulnerabilities/117696 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 23EXPL: 0CVE-2016-5933
https://notcve.org/view.php?id=CVE-2016-5933
IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223. IBM Tivoli Monitoring 6.2 y 6.3 es vulnerable a posibles ataques de inyección de encabezado de host que podría conducir a envenenamiento de caché HTTP o elusión del firewall. Referencia IBM #: 1997223. • http://www.ibm.com/support/docview.wss?uid=swg21997223 • CWE-254: 7PK - Security Features •