|
266491
|
5.9 |
MEDIUM
Network
|
ibm
|
rational_clearquest
|
IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-mid…
|
CWE-295
Improper Certificate Validation
|
CVE-2016-2922
|
2024-11-21 11:49 |
2018-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266492
|
8.1 |
HIGH
Network
|
ibm
|
tealeaf_customer_experience
|
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of se…
|
CWE-20
Improper Input Validation
|
CVE-2016-2983
|
2024-11-21 11:49 |
2018-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266493
|
5.4 |
MEDIUM
Network
|
ibm
|
openpages_grc_platform
|
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio…
|
CWE-79
Cross-site Scripting
|
CVE-2016-3048
|
2024-11-21 11:49 |
2017-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266494
|
8.8 |
HIGH
Network
|
apache
|
struts
|
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.
|
CWE-20
Improper Input Validation
|
CVE-2016-3090
|
2024-11-21 11:49 |
2017-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266495
|
5.4 |
MEDIUM
Network
|
ibm
|
openpages_grc_platform
|
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser with…
|
CWE-79
Cross-site Scripting
|
CVE-2016-3049
|
2024-11-21 11:49 |
2017-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266496
|
9.8 |
CRITICAL
Network
|
apache
|
hadoop
|
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.
|
CWE-200
Information Exposure
|
CVE-2016-3086
|
2024-11-21 11:49 |
2017-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266497
|
6.3 |
MEDIUM
Network
|
ibm
|
sametime
|
The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Fo…
|
CWE-74
Injection
|
CVE-2016-2980
|
2024-11-21 11:49 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266498
|
3.3 |
LOW
Local
|
ibm
|
sametime
|
IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local user. IBM X-Force ID: 113938.
|
CWE-200
Information Exposure
|
CVE-2016-2978
|
2024-11-21 11:49 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266499
|
4.3 |
MEDIUM
Network
|
ibm
|
sametime
|
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936.
|
CWE-200
Information Exposure
|
CVE-2016-2976
|
2024-11-21 11:49 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266500
|
5.4 |
MEDIUM
Network
|
ibm
|
sametime
|
IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially…
|
CWE-79
Cross-site Scripting
|
CVE-2016-2975
|
2024-11-21 11:49 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
