CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5770
https://notcve.org/view.php?id=CVE-2012-5770
The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack. La configuración SSL en IBM Tivoli Application Dependency Discovery Manager (TADDM) v7.2.x anterior a v7.2.1.4 soporta el algoritmo de HASH MD5, lo que hace sencillo para atacantes de hombre en medio (man-in-the-middle) falsificar servidores y descifrar tráfico mediante ataques por fuerza-bruta. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391 http://www-01.ibm.com/support/docview.wss?uid=swg21626029 https://exchange.xforce.ibmcloud.com/vulnerabilities/80354 • CWE-16: Configuration •
CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5942
https://notcve.org/view.php?id=CVE-2012-5942
Cross-site scripting (XSS) vulnerability in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la interfaz de administración de Data Portal Web del usuario en IBM Tivoli Application Dependency Discovery Manager (TADDM) v7.2.x antes de v7.2.1.4 que permite a usuarios remotos autenticados inyectar contenido, y llevar a cabo ataques de phishing, a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391 http://www-01.ibm.com/support/docview.wss?uid=swg21625935 https://exchange.xforce.ibmcloud.com/vulnerabilities/80537 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •