| 269951 | 7.3 HIGH | Network | ibm | bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors. | CWE-255 Credentials Management | CVE-2016-2936 | 2024-11-21 11:49 | 2016-11-30 |
| 269952 | 5.3 MEDIUM | Network | ibm | bigfix_remote_control | The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request. | CWE-20 Improper Input Validation | CVE-2016-2935 | 2024-11-21 11:49 | 2016-11-30 |
| 269953 | 6.1 MEDIUM | Network | ibm | bigfix_remote_control | Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 Cross-site Scripting | CVE-2016-2934 | 2024-11-21 11:49 | 2016-11-30 |
| 269954 | 6.8 MEDIUM | Network | ibm | bigfix_remote_control | Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request. | CWE-22 Path Traversal | CVE-2016-2933 | 2024-11-21 11:49 | 2016-11-30 |
| 269955 | 5.3 MEDIUM | Network | ibm | bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors. | CWE-91 Blind XPath Injection | CVE-2016-2932 | 2024-11-21 11:49 | 2016-11-30 |
| 269956 | 5.3 MEDIUM | Network | ibm | bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network. | CWE-200 Information Exposure | CVE-2016-2931 | 2024-11-21 11:49 | 2016-11-30 |
| 269957 | 8.1 HIGH | Network | ibm | bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach. | CWE-254 7PK - Security Features; CWE-284 Improper Access Control | CVE-2016-2929 | 2024-11-21 11:49 | 2016-11-26 |
| 269958 | 4.3 MEDIUM | Network | ibm | bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs. | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2016-2928 | 2024-11-21 11:49 | 2016-11-26 |
| 269959 | 5.9 MEDIUM | Network | ibm | bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms … | CWE-200 Information Exposure | CVE-2016-2927 | 2024-11-21 11:49 | 2016-11-26 |
| 269960 | 5.4 MEDIUM | Network | ibm | rational_team_concert rational_rhapsody_design_manager rational_engineering_lifecycle_manager rational_quality_manager rational_collaborative_lifecycle_management rational_software_arc… | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 … | CWE-79 Cross-site Scripting | CVE-2016-2926 | 2024-11-21 11:49 | 2016-11-26 |