|
273141
|
5.4 |
MEDIUM
Network
|
ibm
|
rational_engineering_lifecycle_manager
rational_rhapsody_design_manager
rational_quality_manager
rational_software_architect_design_manager
rational_doors_next_generation
rational_team…
|
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5…
|
CWE-79
Cross-site Scripting
|
CVE-2016-3014
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273142
|
3.5 |
LOW
Network
|
ibm
|
connections
|
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary use…
|
CWE-352
Origin Validation Error
|
CVE-2016-3009
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273143
|
4.6 |
MEDIUM
Network
|
ibm
|
connections
|
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary use…
|
CWE-352
Origin Validation Error
|
CVE-2016-3004
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273144
|
2.1 |
LOW
Physics
|
ibm
|
connections
|
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device.
|
CWE-200
Information Exposure
|
CVE-2016-3002
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273145
|
8.8 |
HIGH
Network
|
ibm
|
bigfix_remote_control
|
Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequence…
|
CWE-352
Origin Validation Error
|
CVE-2016-2963
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273146
|
4.3 |
MEDIUM
Network
|
ibm
|
connections
|
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response.
|
CWE-200
Information Exposure
|
CVE-2016-2958
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273147
|
4.3 |
MEDIUM
Network
|
ibm
|
connections
|
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response.
|
CWE-200
Information Exposure
|
CVE-2016-2957
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273148
|
3.7 |
LOW
Network
|
ibm
|
connections
|
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
|
CWE-310
Cryptographic Issues
|
CVE-2016-2953
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273149
|
3.7 |
LOW
Network
|
ibm
|
bigfix_remote_control
|
IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.
|
CWE-200
Information Exposure
|
CVE-2016-2952
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273150
|
3.7 |
LOW
Network
|
ibm
|
bigfix_remote_control
|
IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the …
|
CWE-310
Cryptographic Issues
|
CVE-2016-2951
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
