Page 9 of 57 results (0.006 seconds)

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-1220

https://notcve.org/view.php?id=CVE-2017-1220

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123860. IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 y 9.5) revela información sensible a usuarios sin autorización. Esta información puede emplearse para ejecutar más ataques en el sistema. • http://www.ibm.com/support/docview.wss?uid=swg22009673 http://www.securityfocus.com/bid/101571 https://exchange.xforce.ibmcloud.com/vulnerabilities/123860 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-1225

https://notcve.org/view.php?id=CVE-2017-1225

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123904. IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 y 9.5) almacena información sensible en parámetros URL. Esto puede llevar a una revelación de información si terceros no autorizados acceden a las URL mediante registros del servidor, cabeceras referrer o el historial del navegador. • http://www.ibm.com/support/docview.wss?uid=swg22009673 http://www.securityfocus.com/bid/101571 https://exchange.xforce.ibmcloud.com/vulnerabilities/123904 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-1230

https://notcve.org/view.php?id=CVE-2017-1230

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. This weakness may allow attackers to expose sensitive information by guessing tokens or identifiers. IBM X-Force ID: 123909. IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 y 9.5) emplea números o valores aleatorios insuficientes en un contexto de seguridad que depende de números impredecibles. Esta debilidad podría permitir que atacantes expongan información sensible adivinando tokens o identificadores. • http://www.ibm.com/support/docview.wss?uid=swg22009673 http://www.securityfocus.com/bid/101571 https://exchange.xforce.ibmcloud.com/vulnerabilities/123909 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-1228

https://notcve.org/view.php?id=CVE-2017-1228

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123907. IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 y 9.5) podría permitir que un atacante remoto obtenga información sensible, debido a que no se habilita correctamente el atributo de cookie "secure". Un atacante podría explotar esta vulnerabilidad para obtener información sensible empleando técnicas Man-in-the-Middle (MitM). • http://www.ibm.com/support/docview.wss?uid=swg22009673 http://www.securityfocus.com/bid/101571 https://exchange.xforce.ibmcloud.com/vulnerabilities/123907 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-1521

https://notcve.org/view.php?id=CVE-2017-1521

IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129831. IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 y 9.5) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades planeadas. • http://www.ibm.com/support/docview.wss?uid=swg22009673 http://www.securityfocus.com/bid/101571 https://exchange.xforce.ibmcloud.com/vulnerabilities/129831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •