|
265771
|
6.5 |
MEDIUM
Network
|
ibm
|
security_privileged_identity_manager
|
IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user.
|
CWE-200
Information Exposure
|
CVE-2016-5988
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265772
|
7.8 |
HIGH
Local
|
ibm
|
tivoli_storage_manager
|
The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrar…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-5985
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265773
|
6.1 |
MEDIUM
Network
|
ibm
|
infosphere_information_server
infosphere_information_server_on_cloud
|
IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted U…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5984
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265774
|
5.4 |
MEDIUM
Network
|
ibm
|
tririga_application_platform
|
IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5980
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265775
|
5.9 |
MEDIUM
Network
|
ibm
|
security_privileged_identity_manager
|
IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An a…
|
CWE-200
Information Exposure
|
CVE-2016-5966
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265776
|
9.8 |
CRITICAL
Network
|
ibm
|
security_privileged_identity_manager
|
IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
|
CWE-284
Improper Access Control
|
CVE-2016-5964
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265777
|
7.5 |
HIGH
Network
|
ibm
|
security_privileged_identity_manager
|
IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By interceptin…
|
CWE-200
Information Exposure
|
CVE-2016-5958
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265778
|
8.8 |
HIGH
Network
|
ibm
|
kenexa_lcms_premier
|
IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete informati…
|
CWE-89
SQL Injection
|
CVE-2016-5952
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265779
|
5.4 |
MEDIUM
Network
|
ibm
|
kenexa_lcms_premier
|
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5951
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265780
|
6.5 |
MEDIUM
Network
|
ibm
|
kenexa_lcms_premier
|
IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user.
|
CWE-255
Credentials Management
|
CVE-2016-5950
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
