CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893. The integrated application server for IBM i 7.2, 7.3, 7.4 and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command-line access to the host operating system can elevate privileges to gain root access to the host operating system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266893 https://www.ibm.com/support/pages/node/7040605 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. • http://www.ibm.com/support/docview.wss?uid=swg21995024 http://www.securityfocus.com/bid/99548 http://www.securitytracker.com/id/1038919 https://exchange.xforce.ibmcloud.com/vulnerabilities/118853 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-254: 7PK - Security Features

CVSS: 4.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request. • http://www-01.ibm.com/support/docview.wss?uid=swg21966169 http://www.securitytracker.com/id/1033758 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor