|
265311
|
7.5 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.
|
CWE-399
Resource Management Errors
|
CVE-2016-8919
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265312
|
5.5 |
MEDIUM
Local
|
ibm
|
license_metric_tool
bigfix_inventory
|
IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.
|
CWE-255
Credentials Management
|
CVE-2016-8967
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265313
|
5.5 |
MEDIUM
Local
|
ibm
|
license_metric_tool
bigfix_inventory
|
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.
|
CWE-200
Information Exposure
|
CVE-2016-8981
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265314
|
8.1 |
HIGH
Network
|
ibm
|
license_metric_tool
bigfix_inventory
|
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to ex…
|
CWE-611
XXE
|
CVE-2016-8980
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265315
|
5.9 |
MEDIUM
Network
|
ibm
|
license_metric_tool
bigfix_inventory
|
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerab…
|
CWE-200
Information Exposure
|
CVE-2016-8966
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265316
|
6.1 |
MEDIUM
Network
|
ibm
|
license_metric_tool
bigfix_inventory
|
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could…
|
CWE-601
Open Redirect
|
CVE-2016-8961
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265317
|
5.4 |
MEDIUM
Network
|
ibm
|
spectrum_control
tivoli_storage_productivity_center
|
IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…
|
CWE-79
Cross-site Scripting
|
CVE-2016-8943
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265318
|
3.1 |
LOW
Network
|
ibm
|
spectrum_control
tivoli_storage_productivity_center
|
IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server.
|
CWE-284
Improper Access Control
|
CVE-2016-8942
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265319
|
8.8 |
HIGH
Network
|
ibm
|
spectrum_control
tivoli_storage_productivity_center
|
IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website…
|
CWE-352
Origin Validation Error
|
CVE-2016-8941
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265320
|
6.1 |
MEDIUM
Network
|
ibm
|
social_rendering_templates_for_digital_data_connector
|
IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int…
|
CWE-79
Cross-site Scripting
|
CVE-2016-8936
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
