CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4782
https://notcve.org/view.php?id=CVE-2014-4782
IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the Alert management service. IBM X-Force ID: 95029. IBM InfoSphere BigInsights 2.1.2 permite que usuarios remotos autenticados descubran las credenciales del servidor SMTP mediante vectores relacionados con el servicio de gestión de alertas. IBM X-Force ID: 95029. • http://www-01.ibm.com/support/docview.wss?uid=swg21693053 https://exchange.xforce.ibmcloud.com/vulnerabilities/95029 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-4781
https://notcve.org/view.php?id=CVE-2014-4781
The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack. El módulo de alerta en IBM InfoSphere BigInsights 2.1.2 y 3.x anterior a 3.0.0.2 permite a atacantes remotos obtener información sensible sobre la API de los servicios de gestión de alertas a través de un ataque de seguimiento de redes. • http://www-01.ibm.com/support/docview.wss?uid=swg21693053 https://exchange.xforce.ibmcloud.com/vulnerabilities/95028 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.9EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0905
https://notcve.org/view.php?id=CVE-2014-0905
IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. IBM InfoSphere BigInsights 2.0 hasta 2.1.2 no configura el indicador de seguridad para la cookie LTPA en una sesión https, lo que facilita a atacantes remotos capturar esta cookie mediante la intercepción de su transmisión dentro de una sesión http. • http://www-01.ibm.com/support/docview.wss?uid=swg21680830 https://exchange.xforce.ibmcloud.com/vulnerabilities/91720 • CWE-264: Permissions, Privileges, and Access Controls •