CVE-2013-2960
https://notcve.org/view.php?id=CVE-2013-2960
Buffer overflow in KDSMAIN in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to cause a denial of service (segmentation fault) via a crafted http URL.
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV27192
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV30187
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV40115
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV40116
• http://www-01.ibm.com/support/docview.wss?
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0548
https://notcve.org/view.php?id=CVE-2013-0548
Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV27192
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV30187
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV40115
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV40116
• http://www-01.ibm.com/support/docview.wss?
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-0551
https://notcve.org/view.php?id=CVE-2013-0551
The Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to cause a denial of service (abend) via a crafted URL.
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV27192
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV30187
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV40115
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV40116
• http://www-01.ibm.com/support/docview.wss?
• CWE-20: Improper Input Validation
CVE-2013-2961
https://notcve.org/view.php?id=CVE-2013-2961
The internal web server in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to perform unspecified redirection of HTTP requests, and bypass the proxy-server configuration, via crafted HTTP traffic.
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV27192
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV30187
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV40115
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV40116
• http://www-01.ibm.com/support/docview.wss?
• CWE-20: Improper Input Validation
CVE-2013-0576
https://notcve.org/view.php?id=CVE-2013-0576
Cross-site scripting (XSS) vulnerability in the Tivoli Enterprise Portal browser client in IBM Tivoli Monitoring 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV32812
• http://www-01.ibm.com/support/docview.wss?uid=swg21634920
• https://exchange.xforce.ibmcloud.com/vulnerabilities/83328
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')