CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8921
https://notcve.org/view.php?id=CVE-2014-8921
02 Mar 2015 — The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by conducting a phishing attack involving an encrypted e-mail message. La aplicación IBM Notes Traveler Companion 1.0 y 1.1 anterior a 201411010515 para Window Phone, distribuido en IBM Notes Traveler 9.0.1, no restr... • http://www-01.ibm.com/support/docview.wss?uid=swg21690582 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6130
https://notcve.org/view.php?id=CVE-2014-6130
04 Nov 2014 — The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS. La aplicación IBM Notes Traveler anterior a 9.0.1.3 para Android le falta un mensaje de aviso durante la selección de una sesión HTTP, lo que facilita a atacantes remotos obtener información sensible mediante la captura de trafi... • http://www-01.ibm.com/support/docview.wss?uid=swg21688840 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2013-0536
https://notcve.org/view.php?id=CVE-2013-0536
21 Jun 2013 — ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user, aka SPR PJOK959J24. ntmulti.exe en el servicio Multi User Profile Cleanup en IBM Notes v8.0, v8.0.1, v8.0.2, v8.5, v8.5.1, v8.5.2, v8.5.3 anterior a FP5, y v9.0 anterior a IF2 permite a usuarios locales ganar privilegios mediante ve... • http://www-01.ibm.com/support/docview.wss?uid=swg21633827 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 20%CPEs: 128EXPL: 0CVE-2012-4820 – JDK: java.lang.reflect.Method invoke() code execution
https://notcve.org/view.php?id=CVE-2012-4820
11 Jan 2013 — Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a se... • http://rhn.redhat.com/errata/RHSA-2012-1465.html •
CVSS: 9.8EPSS: 44%CPEs: 128EXPL: 0CVE-2012-4821 – JDK: getDeclaredMethods() and setAccessible() code execution
https://notcve.org/view.php?id=CVE-2012-4821
11 Jan 2013 — Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote... • http://rhn.redhat.com/errata/RHSA-2012-1467.html •
CVSS: 9.8EPSS: 87%CPEs: 128EXPL: 0CVE-2012-4822 – JDK: java.lang.class code execution
https://notcve.org/view.php?id=CVE-2012-4822
11 Jan 2013 — Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote... • http://rhn.redhat.com/errata/RHSA-2012-1465.html •
CVSS: 9.8EPSS: 86%CPEs: 128EXPL: 0CVE-2012-4823 – JDK: java.lang.ClassLoder defineClass() code execution
https://notcve.org/view.php?id=CVE-2012-4823
11 Jan 2013 — Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers... • http://rhn.redhat.com/errata/RHSA-2012-1466.html •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 1CVE-2012-5309
https://notcve.org/view.php?id=CVE-2012-5309
08 Oct 2012 — servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. servlet/traveler en IBM Lotus Notes Traveler hasta la v8.5.3.3 Interim Fix 1 no restringe los intentos de validación erróneos, lo que facilita a atacantes remotos obtener acceso a través de ataques por fuerza bruta. • http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 1CVE-2012-5308
https://notcve.org/view.php?id=CVE-2012-5308
08 Oct 2012 — Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en servlet/traveler en IBM Lotus Notes Traveler hasta la v8.5.3.3 Interim Fix 1, permite a atacantes remotos secuestrar la autenticación de los usuarios ... • http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1CVE-2012-4825
https://notcve.org/view.php?id=CVE-2012-4825
08 Oct 2012 — Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en servlet/traveler/ILNT.mobileconfig en IBM Lotus Notes Traveler anteriores a v8.5.3.2, permite a atacantes remotos inyectar secuencias de comandos ... • http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •