CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6085
https://notcve.org/view.php?id=CVE-2016-6085
IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. IBM BigFix Platform podría permitir a un atacante en la red local tirar los servidores BES y de retransmisión. • http://www.ibm.com/support/docview.wss?uid=swg21996348 http://www.securityfocus.com/bid/95291 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0297
https://notcve.org/view.php?id=CVE-2016-0297
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques. IBM Tivoli Endpoint Manager - Mobile Device Managemen (MDM) podría permitir a un atacante remoto obtener información sensible debido a un HTTP Strict-Transport-Security Header perdido a través de técnicas man-in-the-middle. • http://www.ibm.com/support/docview.wss?uid=swg21993214 http://www.securityfocus.com/bid/94188 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0396
https://notcve.org/view.php?id=CVE-2016-0396
IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. IBM Tivoli Endpoint Manager podrían permitir a un usuario en circunstancias especiales inyectar comandos que sería ejecutado con privilegios superiores innecesarios de lo esperado. • http://www.ibm.com/support/docview.wss?uid=swg21993206 http://www.securityfocus.com/bid/94155 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0CVE-2016-0293
https://notcve.org/view.php?id=CVE-2016-0293
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file. Vulnerabilidad de XSS en IBM BigFix Platform (anteriormente Tivoli Endpoint Manager) 9.x en versiones anteriores a 9.1.8 y 9.2.x en versiones anteriores a 9.2.8 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un archivo .beswrpt modificado. • http://www-01.ibm.com/support/docview.wss?uid=swg21985743 http://www.securityfocus.com/bid/92593 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 16EXPL: 0CVE-2016-0269
https://notcve.org/view.php?id=CVE-2016-0269
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM BigFix Platform 9.x en versiones anteriores a 9.1.8 y 9.2.x en versiones anteriores a 9.2.7 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21985734 http://www.securityfocus.com/bid/91690 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •