CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1473
https://notcve.org/view.php?id=CVE-2018-1473
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140691. IBM BigFix Platform 9.2 y 9.5 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22015754 https://exchange.xforce.ibmcloud.com/vulnerabilities/140691 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1479
https://notcve.org/view.php?id=CVE-2018-1479
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140761. IBM BigFix Platform 9.2 y 9.5 es vulnerable a ataques de Cross-Site Request Forgery (CSRF). Esto podría permitir que un atacante ejecute acciones maliciosas y no autorizadas transmitidas desde un usuario en el que la web confía. IBM X-Force ID: 140761. • http://www.ibm.com/support/docview.wss?uid=swg22015754 https://exchange.xforce.ibmcloud.com/vulnerabilities/140761 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0291
https://notcve.org/view.php?id=CVE-2016-0291
IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. IBM X-Force ID: 111302. IBM BigFix Platform 9.0, versiones 9.1 anteriores a la 9.1.8 y versiones 9.2 anteriores a la 9.2.8, permite que usuarios autenticados remotos ejecuten comandos arbitrarios aprovechando el acceso al servidor de informes. IBM X-Force ID: 111302. • http://www-01.ibm.com/support/docview.wss?uid=swg21985748 https://exchange.xforce.ibmcloud.com/vulnerabilities/111302 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0295
https://notcve.org/view.php?id=CVE-2016-0295
Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en IBM BigFix Platform 9.0, 9.1, 9.2 y versiones 9.5 anteriores a la 9.5.2 permite que atacantes remotos secuestren la autenticación de usuarios arbitrarios para peticiones que inserten secuencias XSS. IBM X-Force ID: 111363. • http://www-01.ibm.com/support/docview.wss?uid=swg21985830 https://exchange.xforce.ibmcloud.com/vulnerabilities/111363 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-1221
https://notcve.org/view.php?id=CVE-2017-1221
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861. IBM Tivoli Endpoint Manager (IBM BigFix 9.2 y 9.5) no requiere que los usuarios tengan contraseñas fuertes por defecto, lo que facilita que los atacantes comprometan las cuentas de usuario. IBM X-Force ID: 123861. • http://www.ibm.com/support/docview.wss?uid=swg22010177 http://www.securityfocus.com/bid/101683 https://exchange.xforce.ibmcloud.com/vulnerabilities/123861 • CWE-521: Weak Password Requirements •