Page 235 of 10827 results (0.114 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.0.3.8 y 6.1.0.0 a 6.1.2.3 no establece el atributo seguro en tokens de autorización o cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265559 https://www.ibm.com/support/pages/node/7116083 • CWE-319: Cleartext Transmission of Sensitive Information CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755. IBM Engineering Lifecycle Optimization 7.0.2 y 7.0.3 utiliza una configuración de bloqueo de cuenta inadecuada que podría permitir a un atacante remoto utilizar fuerza bruta en las credenciales de la cuenta. ID de IBM X-Force: 268755. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268755 https://www.ibm.com/support/pages/node/7116045 • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1

IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. ... The hostile server could capture the NTLM hash information to obtain the user's credentials. • https://www.exploit-db.com/exploits/51817 http://packetstormsecurity.com/files/177069/IBM-i-Access-Client-Solutions-Remote-Credential-Theft.html http://seclists.org/fulldisclosure/2024/Feb/7 https://exchange.xforce.ibmcloud.com/vulnerabilities/279091 https://www.ibm.com/support/pages/node/7116091 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-384: Session Fixation •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. •