CVE-2016-0295
https://notcve.org/view.php?id=CVE-2016-0295
Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en IBM BigFix Platform 9.0, 9.1, 9.2 y versiones 9.5 anteriores a la 9.5.2 permite que atacantes remotos secuestren la autenticación de usuarios arbitrarios para peticiones que inserten secuencias XSS. IBM X-Force ID: 111363. • http://www-01.ibm.com/support/docview.wss?uid=swg21985830 https://exchange.xforce.ibmcloud.com/vulnerabilities/111363 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2017-1203
https://notcve.org/view.php?id=CVE-2017-1203
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123678. La plataforma y las aplicaciones de IBM Tivoli Endpoint Manager (para Lifecycle/Power/Patch) son vulnerables a un problema de tipo cross-site-scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista que puede conllevar a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22005246 http://www.ibm.com/support/docview.wss?uid=swg22006014 http://www.securityfocus.com/bid/99916 https://exchange.xforce.ibmcloud.com/vulnerabilities/123678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-1223
https://notcve.org/view.php?id=CVE-2017-1223
IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123902. IBM Tivoli Endpoint Manager podría permitir a un atacante remoto conducir ataques de phishing mediante un ataque de redireccionamiento abierto. • http://www.ibm.com/support/docview.wss?uid=swg22005246 http://www.securityfocus.com/bid/99916 https://exchange.xforce.ibmcloud.com/vulnerabilities/123902 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2017-1218
https://notcve.org/view.php?id=CVE-2017-1218
IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858. IBM Tivoli Endpoint Manager es vulnerable a un problema de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que el sitio web confía. ID de IBM X-Force: 123858. • http://www.ibm.com/support/docview.wss?uid=swg22005246 http://www.securityfocus.com/bid/101571 http://www.securityfocus.com/bid/99916 https://exchange.xforce.ibmcloud.com/vulnerabilities/123858 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2017-1224
https://notcve.org/view.php?id=CVE-2017-1224
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903. IBM Tivoli Endpoint Manager usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 123903. • http://www.ibm.com/support/docview.wss?uid=swg22005246 http://www.securityfocus.com/bid/99916 https://exchange.xforce.ibmcloud.com/vulnerabilities/123903 • CWE-326: Inadequate Encryption Strength •