CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43044 – IBM License Metric Tool directory traversal
https://notcve.org/view.php?id=CVE-2023-43044
28 Sep 2023 — IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893. El servidor de aplicaciones integrado para IBM i 7.2, 7.3, 7.4 y 7.5 contiene una vulnerabilidad de escalada de privilegios local. Un actor malintencionado con acceso a la línea de comandos del sistema operativo host puede elevar los privilegios para obtener ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/266893 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2016-8964
https://notcve.org/view.php?id=CVE-2016-8964
13 Jul 2017 — IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. IBM BigFix Inventory v9 9.2 utiliza una configuración de bloqueo de cuentas inadecuada que podría permitir a un atacante remoto acceder por fuerza bruta a las credenciales de cuenta. IBM X-Force ID: 118853. • http://www.ibm.com/support/docview.wss?uid=swg21995024 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8963
https://notcve.org/view.php?id=CVE-2016-8963
01 Feb 2017 — IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. IBM BigFix Inventory v9 almacena información potencialmente sensible en archivos de registro que pueden ser leídos por un usuario local. • http://www.ibm.com/support/docview.wss?uid=swg21995029 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8977
https://notcve.org/view.php?id=CVE-2016-8977
01 Feb 2017 — IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system. IBM BigFix Inventory v9 podría revelar información sensible a un usuario no autorizado utilizando solicitudes HTTP GET. Esta información podría utilizarse para montar nuevos ataques contra el sistema. • http://www.ibm.com/support/docview.wss?uid=swg21995014 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8967
https://notcve.org/view.php?id=CVE-2016-8967
01 Feb 2017 — IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. IBM BigFix Inventory v9 9.2 almacena las credenciales de usuario en un texto claro que puede ser leído por un usuario local. • http://www.ibm.com/support/docview.wss?uid=swg21995019 • CWE-255: Credentials Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8981
https://notcve.org/view.php?id=CVE-2016-8981
01 Feb 2017 — IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. IBM BigFix Inventory v9 permite que las páginas web se almacenen localmente de forma que puedan ser leídas por otro usuario en el sistema. • http://www.ibm.com/support/docview.wss?uid=swg21994932 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8980
https://notcve.org/view.php?id=CVE-2016-8980
01 Feb 2017 — IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM BigFix Inventory v9 es vulnerable a una denegación de servicio, provocada por un error XML Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente sensi... • http://www.ibm.com/support/docview.wss?uid=swg21995013 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8961
https://notcve.org/view.php?id=CVE-2016-8961
01 Feb 2017 — IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM BigFix Inventory v9 podría permitir a un atacante remoto reali... • http://www.ibm.com/support/docview.wss?uid=swg21995037 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8966
https://notcve.org/view.php?id=CVE-2016-8966
01 Feb 2017 — IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM BigFix Inventory v9 podría permitir a un atacante remoto obtener información sensible, causado por el error para habilitar correctamente HTTP Strict Transport Security. Un atacante podría explotar esta vulnerabilidad para obtener infor... • http://www.ibm.com/support/docview.wss?uid=swg21995023 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-4929
https://notcve.org/view.php?id=CVE-2015-4929
11 Oct 2015 — IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request. IBM License Metric Tool 9 en versiones anteriores a 9.2.1.0 y Endpoint Manager para Software Use Analysis 9 en versiones anteriores a 9.2.1.0 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y obtener información sensible a través de una pet... • http://www-01.ibm.com/support/docview.wss?uid=swg21966169 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •