CVE-2016-6085
https://notcve.org/view.php?id=CVE-2016-6085
IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. IBM BigFix Platform podría permitir a un atacante en la red local tirar los servidores BES y de retransmisión. • http://www.ibm.com/support/docview.wss?uid=swg21996348 http://www.securityfocus.com/bid/95291 • CWE-284: Improper Access Control •
CVE-2016-0296
https://notcve.org/view.php?id=CVE-2016-0296
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. IBM Tivoli Endpoint Manager - Mobile Device Managemen (MDM) almacena información potencialmente sensible en archivos de registro que podrían estar disponibles para un usuario local. • http://www.ibm.com/support/docview.wss?uid=swg21993213 http://www.securityfocus.com/bid/94213 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2016-0293
https://notcve.org/view.php?id=CVE-2016-0293
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file. Vulnerabilidad de XSS en IBM BigFix Platform (anteriormente Tivoli Endpoint Manager) 9.x en versiones anteriores a 9.1.8 y 9.2.x en versiones anteriores a 9.2.8 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un archivo .beswrpt modificado. • http://www-01.ibm.com/support/docview.wss?uid=swg21985743 http://www.securityfocus.com/bid/92593 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-0269
https://notcve.org/view.php?id=CVE-2016-0269
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM BigFix Platform 9.x en versiones anteriores a 9.1.8 y 9.2.x en versiones anteriores a 9.2.7 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21985734 http://www.securityfocus.com/bid/91690 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •