CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1231
https://notcve.org/view.php?id=CVE-2017-1231
12 Oct 2018 — IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910. IBM BigFix Platform 9.5 - 9.5.9 almacena las credenciales de usuario en formato de texto plano, por lo que podrían ser leídos por un usuario local. IBM X-Force ID: 123910. • https://exchange.xforce.ibmcloud.com/vulnerabilities/123910 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1600
https://notcve.org/view.php?id=CVE-2018-1600
04 Jun 2018 — IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 143745. IBM BigFix Platform 9.2 y 9.5 transmite datos sensibles o críticos para la seguridad en texto claro en un canal de comunicación que puede ser rastreado por actores no autorizados. IBM X-Force ID: 143745. • http://www.ibm.com/support/docview.wss?uid=swg22015754 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1479
https://notcve.org/view.php?id=CVE-2018-1479
27 Apr 2018 — IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140761. IBM BigFix Platform 9.2 y 9.5 es vulnerable a ataques de Cross-Site Request Forgery (CSRF). Esto podría permitir que un atacante ejecute acciones maliciosas y no autorizadas transmitidas desde un usuario en el que la web confía. IBM X-Force ID: 140761. • http://www.ibm.com/support/docview.wss?uid=swg22015754 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1473
https://notcve.org/view.php?id=CVE-2018-1473
27 Apr 2018 — IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140691. IBM BigFix Platform 9.2 y 9.5 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades prevista... • http://www.ibm.com/support/docview.wss?uid=swg22015754 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1475
https://notcve.org/view.php?id=CVE-2018-1475
27 Apr 2018 — IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 140756. IBM BigFix Platform 9.2 y 9.5 emplea una configuración de bloqueo de cuenta inadecuada que podría permitir que un atacante remoto descifre credenciales de cuenta por fuerza bruta. IBM X-Force ID: 140756. • http://www.ibm.com/support/docview.wss?uid=swg22015754 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0295
https://notcve.org/view.php?id=CVE-2016-0295
28 Feb 2018 — Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en IBM BigFix Platform 9.0, 9.1, 9.2 y versiones 9.5 anteriores a la 9.5.2 permite que atacantes remotos secuestren la autenticación de usuarios arbitrarios para peticiones que inserten secuencias XSS. IBM X-Force... • http://www-01.ibm.com/support/docview.wss?uid=swg21985830 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2017-1203
https://notcve.org/view.php?id=CVE-2017-1203
19 Jul 2017 — IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123678. La plataforma y las aplicaciones de IBM Tivoli Endpoint Manager (para Lifecycle/Power/Patch) son vulnerables a un problema de tipo cross-site-scripting. Esta vulnerabilidad ... • http://www.ibm.com/support/docview.wss?uid=swg22005246 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-1218
https://notcve.org/view.php?id=CVE-2017-1218
19 Jul 2017 — IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858. IBM Tivoli Endpoint Manager es vulnerable a un problema de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que el sitio web confía. ID de IBM X-Force: 123858. • http://www.ibm.com/support/docview.wss?uid=swg22005246 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-1223
https://notcve.org/view.php?id=CVE-2017-1223
19 Jul 2017 — IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123902. IBM Tivoli Endpoint Manager podría per... • http://www.ibm.com/support/docview.wss?uid=swg22005246 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-1224
https://notcve.org/view.php?id=CVE-2017-1224
19 Jul 2017 — IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903. IBM Tivoli Endpoint Manager usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 123903. • http://www.ibm.com/support/docview.wss?uid=swg22005246 • CWE-326: Inadequate Encryption Strength •