Page 6 of 35 results (0.008 seconds)

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en IBM Records Manager (RM) v4.5.x antes de v4.5.1.1-IER-FP001 permite a atacantes remotos redirigir a los usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través de vectores no especificados. • http://secunia.com/advisories/41344 http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37426 http://www.securityfocus.com/bid/43136 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors. IBM FileNet Content Manager (CM) v4.0.0, v4.0.1, v4.5.0 y v4.5.1 anterior a FP4 no maneja adecuadamente la configuración de InheritParentPermissions durante la actualización de 3.x, esto puede permitir a los atacantes evitar los permisos de carpeta pretendidos mediante vectores desconocidos. • http://secunia.com/advisories/40614 http://www-01.ibm.com/support/docview.wss?uid=swg21441225 http://www.vupen.com/english/advisories/2010/1847 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0

Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), allows remote attackers to gain privileges via unknown vectors. NOTE: some of these details are obtained from third party information. Vulnerabilidad no específica en el P8 Content Engine (P8CE) v4.5.1 anteriores a FP3 y al P8 Content Search Engine (P8CSE) anteriores a v4.5.0 FP3 y v4.5.1 anterior a FP1, como el usado en IBM FileNet P8 Content Manager (CM) y en FileNet P8 Business Process Manager (BPM), permitiendo a atacantes remotos obtener privilegios mediante vectores desconocidos. NOTA: algunos de estos detalles han sido obtenidos de información de terceros. • http://secunia.com/advisories/40413 http://www-01.ibm.com/support/docview.wss?uid=swg21438487 http://www.osvdb.org/65804 http://www.securityfocus.com/bid/41177 http://www.vupen.com/english/advisories/2010/1616 https://exchange.xforce.ibmcloud.com/vulnerabilities/59792 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0

Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Content 8.3 before FP13 has unknown impact and remote attack vectors. Vulnerabilidad no especificada en la funcionalidad sing-on en la implementación de Web Services en IBM DB2 Content Manager (CM) Toolkit v8.3 anteriores a FP13 en z/OS y DB2 Information Integrator para Content v8.3 anteriores a FP13, tiene un impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/39025 http://securitytracker.com/id?1023726 http://www-01.ibm.com/support/docview.wss?uid=isg1PM03804 http://www-01.ibm.com/support/docview.wss?uid=swg1IO11283 http://www-01.ibm.com/support/docview.wss?uid=swg27018205&aid=1 http://www.osvdb.org/63079 http://www.securityfocus.com/bid/38833 http://www.vupen.com/english/advisories/2010/0656 •

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0

IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors. IBM FileNet Content Manager v4.0, v4.0.1, y 4.5, usado en IBM WebSphere Application Server (WAS) y Oracle BEA WebLogic Application Server, cuando el "listener" (aplicación a la escucha)CE Web Services tiene una configuración WSEAF determinada, no restringe adecuadamente el uso de un "Subject" cacheado, lo que permite a atacantes remotos obtener acceso con credenciales de usuarios autenticados recientemente, a través de vectores no especificados. • http://secunia.com/advisories/35347 http://www-01.ibm.com/support/docview.wss?uid=swg21389281 http://www.securityfocus.com/bid/35228 http://www.vupen.com/english/advisories/2009/1512 • CWE-264: Permissions, Privileges, and Access Controls •