CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2016-6044
https://notcve.org/view.php?id=CVE-2016-6044
IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy. IBM Tivoli Storage Manager Operations Center podría permitir a un atacante autenticado para habilitar o deshabilitar la APRI REST de la aplicación, lo que puede permitir que el atacante viole la política de seguridad. • http://www.ibm.com/support/docview.wss?uid=swg21995754 http://www.securityfocus.com/bid/95091 • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 19EXPL: 0CVE-2016-6046
https://notcve.org/view.php?id=CVE-2016-6046
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Tivoli Storage Manager Operations Center es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21995754 http://www.securityfocus.com/bid/95093 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-6034
https://notcve.org/view.php?id=CVE-2016-6034
IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges. IBM Tivoli Storage Manager para Virtual Environments (VMware) podría revelar las credenciales de dominio de Windows a un usuario con un alto nivel de privilegios. • http://www.ibm.com/support/docview.wss?uid=swg21995544 http://www.securityfocus.com/bid/95976 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •