|
267251
|
6.5 |
MEDIUM
Network
|
ibm
|
infosphere_information_server
|
IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents.
|
CWE-200
Information Exposure
|
CVE-2016-5994
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267252
|
6.3 |
MEDIUM
Network
|
ibm
|
security_privileged_identity_manager
|
IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server.
|
CWE-284
Improper Access Control
|
CVE-2016-5990
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267253
|
6.5 |
MEDIUM
Network
|
ibm
|
security_privileged_identity_manager
|
IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user.
|
CWE-200
Information Exposure
|
CVE-2016-5988
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267254
|
7.8 |
HIGH
Local
|
ibm
|
tivoli_storage_manager
|
The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrar…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-5985
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267255
|
6.1 |
MEDIUM
Network
|
ibm
|
infosphere_information_server
infosphere_information_server_on_cloud
|
IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted U…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5984
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267256
|
5.4 |
MEDIUM
Network
|
ibm
|
tririga_application_platform
|
IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5980
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267257
|
5.9 |
MEDIUM
Network
|
ibm
|
security_privileged_identity_manager
|
IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An a…
|
CWE-200
Information Exposure
|
CVE-2016-5966
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267258
|
9.8 |
CRITICAL
Network
|
ibm
|
security_privileged_identity_manager
|
IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
|
CWE-284
Improper Access Control
|
CVE-2016-5964
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267259
|
7.5 |
HIGH
Network
|
ibm
|
security_privileged_identity_manager
|
IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By interceptin…
|
CWE-200
Information Exposure
|
CVE-2016-5958
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267260
|
8.8 |
HIGH
Network
|
ibm
|
kenexa_lcms_premier
|
IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete informati…
|
CWE-89
SQL Injection
|
CVE-2016-5952
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
