CVE-2016-0295
https://notcve.org/view.php?id=CVE-2016-0295
Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363. • http://www-01.ibm.com/support/docview.wss?uid=swg21985830 https://exchange.xforce.ibmcloud.com/vulnerabilities/111363 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2017-1221
https://notcve.org/view.php?id=CVE-2017-1221
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861. • http://www.ibm.com/support/docview.wss?uid=swg22010177 http://www.securityfocus.com/bid/101683 https://exchange.xforce.ibmcloud.com/vulnerabilities/123861 • CWE-521: Weak Password Requirements
CVE-2017-1229
https://notcve.org/view.php?id=CVE-2017-1229
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 123908. • http://www.ibm.com/support/docview.wss?uid=swg22005246 https://exchange.xforce.ibmcloud.com/vulnerabilities/123908 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1228
https://notcve.org/view.php?id=CVE-2017-1228
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 123907. • http://www.ibm.com/support/docview.wss?uid=swg22009673 http://www.securityfocus.com/bid/101571 https://exchange.xforce.ibmcloud.com/vulnerabilities/123907 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1232
https://notcve.org/view.php?id=CVE-2017-1232
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 123911. • http://www.ibm.com/support/docview.wss?uid=swg22009673 http://www.securityfocus.com/bid/101571 https://exchange.xforce.ibmcloud.com/vulnerabilities/123911 • CWE-319: Cleartext Transmission of Sensitive Information