CVE-2016-6084
https://notcve.org/view.php?id=CVE-2016-6084
IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request. IBM BigFix Platform podría permitir a un atacante en la red local tirar el servidor BES utilizando una petición XMLSchema especialmente manipulada. • http://www.ibm.com/support/docview.wss?uid=swg21996339 http://www.securityfocus.com/bid/95286 • CWE-20: Improper Input Validation •
CVE-2016-0396
https://notcve.org/view.php?id=CVE-2016-0396
IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. IBM Tivoli Endpoint Manager podrían permitir a un usuario en circunstancias especiales inyectar comandos que sería ejecutado con privilegios superiores innecesarios de lo esperado. • http://www.ibm.com/support/docview.wss?uid=swg21993206 http://www.securityfocus.com/bid/94155 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2016-0293
https://notcve.org/view.php?id=CVE-2016-0293
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file. Vulnerabilidad de XSS en IBM BigFix Platform (anteriormente Tivoli Endpoint Manager) 9.x en versiones anteriores a 9.1.8 y 9.2.x en versiones anteriores a 9.2.8 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un archivo .beswrpt modificado. • http://www-01.ibm.com/support/docview.wss?uid=swg21985743 http://www.securityfocus.com/bid/92593 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-0269
https://notcve.org/view.php?id=CVE-2016-0269
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM BigFix Platform 9.x en versiones anteriores a 9.1.8 y 9.2.x en versiones anteriores a 9.2.7 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21985734 http://www.securityfocus.com/bid/91690 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •