9 results (0.018 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353. IBM Tivoli Application Dependency Discovery Manager (TADDM) en versiones anteriores a la 7.2.1.5 y 7.2.x anteriores a la 7.2.2 facilita que los atacantes remotos sorteen los mecanismo de protección criptográfica aprovechando que soporta cifrados SSL débiles. IBM X-Force ID: 84353. • https://exchange.xforce.ibmcloud.com/vulnerabilities/84353 https://www.ibm.com/blogs/psirt/ibm-security-bulletin-taddm-reject-weak-and-medium-ciphers-on-taddm-ports • CWE-310: Cryptographic Issues •

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361. IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 y de la versión 7.2.0 a la 7.2.1.4 podría permitir que atacantes remotos obtengan información sensible sobre credenciales Tomcat rastreando la web en busca de una sesión en la que se emplee HTTP. IBM X-Force ID: 84361. • http://www-01.ibm.com/support/docview.wss?uid=swg21672388 https://exchange.xforce.ibmcloud.com/vulnerabilities/84361 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354. La aplicación web AXIS en deploy-tomcat/axis en IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 y de la versión 7.2.0 a la 7.2.1.4 permite que atacantes remotos obtengan información sensible de configuración mediante una petición directa, tal y como queda demostrado con happyaxis.jsp. IBM X-Force ID: 84354. • http://www-01.ibm.com/support/docview.wss?uid=swg21672403 https://exchange.xforce.ibmcloud.com/vulnerabilities/84354 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176. IBM Tivoli Application Dependency Discovery Manager (TADDM) en versiones 7.1.2.x anteriores a la 7.2.1.5 y versiones 7.2.x anteriores a la 7.2.2.0 en Unix emplea permisos débiles (755) para archivos de configuración y de registro sin especificar, lo que permite que usuarios locales obtengan información sensible leyendo los archivos. IBM X-Force ID: 86176. • https://exchange.xforce.ibmcloud.com/vulnerabilities/86176 https://www-01.ibm.com/support/docview.wss?uid=swg21672253 • CWE-275: Permission Issues •

CVSS: 3.5EPSS: 0%CPEs: 10EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 hasta 7.2.1.6 y 7.2.2.0 hasta 7.2.2.2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/61785 http://www-01.ibm.com/support/docview.wss?uid=swg21688424 https://exchange.xforce.ibmcloud.com/vulnerabilities/96920 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •