|
267241
|
4.3 |
MEDIUM
Network
|
ibm
|
tivoli_storage_manager
|
IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy.
|
CWE-284
Improper Access Control
|
CVE-2016-6044
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267242
|
7.0 |
HIGH
Local
|
ibm
|
tivoli_storage_manager
|
Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced.
|
CWE-384
Session Fixation
|
CVE-2016-6043
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267243
|
7.3 |
HIGH
Local
|
ibm
|
security_appscan
|
IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafte…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-6042
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267244
|
5.0 |
MEDIUM
Network
|
ibm
|
rational_collaborative_lifecycle_management
|
IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced.
|
CWE-384
Session Fixation
|
CVE-2016-6040
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267245
|
5.4 |
MEDIUM
Network
|
ibm
|
jazz_reporting_service
|
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6039
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267246
|
6.8 |
MEDIUM
Network
|
ibm
|
tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware
|
IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges.
|
CWE-200
Information Exposure
|
CVE-2016-6034
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267247
|
5.4 |
MEDIUM
Network
|
ibm
|
rational_collaborative_lifecycle_management
|
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6030
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267248
|
4.3 |
MEDIUM
Network
|
ibm
|
rational_collaborative_lifecycle_management
|
IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-6028
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267249
|
6.1 |
MEDIUM
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a …
|
CWE-601
Open Redirect
|
CVE-2016-6020
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267250
|
6.1 |
MEDIUM
Network
|
ibm
|
tririga_application_platform
|
IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6000
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
