CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43044 – IBM License Metric Tool directory traversal
https://notcve.org/view.php?id=CVE-2023-43044
IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893. El servidor de aplicaciones integrado para IBM i 7.2, 7.3, 7.4 y 7.5 contiene una vulnerabilidad de escalada de privilegios local. Un actor malintencionado con acceso a la línea de comandos del sistema operativo host puede elevar los privilegios para obtener acceso root al sistema operativo host. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266893 https://https://www.ibm.com/support/pages/node/7040605 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8964
https://notcve.org/view.php?id=CVE-2016-8964
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. IBM BigFix Inventory v9 9.2 utiliza una configuración de bloqueo de cuentas inadecuada que podría permitir a un atacante remoto acceder por fuerza bruta a las credenciales de cuenta. IBM X-Force ID: 118853. • http://www.ibm.com/support/docview.wss?uid=swg21995024 http://www.securityfocus.com/bid/99548 http://www.securitytracker.com/id/1038919 https://exchange.xforce.ibmcloud.com/vulnerabilities/118853 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8977
https://notcve.org/view.php?id=CVE-2016-8977
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system. IBM BigFix Inventory v9 podría revelar información sensible a un usuario no autorizado utilizando solicitudes HTTP GET. Esta información podría utilizarse para montar nuevos ataques contra el sistema. • http://www.ibm.com/support/docview.wss?uid=swg21995014 http://www.securityfocus.com/bid/95308 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8963
https://notcve.org/view.php?id=CVE-2016-8963
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. IBM BigFix Inventory v9 almacena información potencialmente sensible en archivos de registro que pueden ser leídos por un usuario local. • http://www.ibm.com/support/docview.wss?uid=swg21995029 http://www.securityfocus.com/bid/95282 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8967
https://notcve.org/view.php?id=CVE-2016-8967
IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. IBM BigFix Inventory v9 9.2 almacena las credenciales de usuario en un texto claro que puede ser leído por un usuario local. • http://www.ibm.com/support/docview.wss?uid=swg21995019 http://www.securityfocus.com/bid/95902 • CWE-255: Credentials Management Errors •