|
268311
|
8.2 |
HIGH
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas.
|
CWE-284
Improper Access Control
|
CVE-2016-6105
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268312
|
6.5 |
MEDIUM
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequenc…
|
CWE-22
Path Traversal
|
CVE-2016-6126
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268313
|
5.4 |
MEDIUM
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6125
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268314
|
8.8 |
HIGH
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2016-6124
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268315
|
5.4 |
MEDIUM
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6123
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268316
|
4.3 |
MEDIUM
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.
|
CWE-200
Information Exposure
|
CVE-2016-6122
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268317
|
6.1 |
MEDIUM
Network
|
ibm
|
inotes
domino
|
IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to crede…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6113
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268318
|
9.8 |
CRITICAL
Network
|
ibm
|
websphere_commerce
|
IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial …
|
NVD-CWE-noinfo
|
CVE-2016-6090
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268319
|
6.5 |
MEDIUM
Adjacent
|
ibm
|
bigfix_platform
|
IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers.
|
CWE-284
Improper Access Control
|
CVE-2016-6085
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268320
|
6.5 |
MEDIUM
Adjacent
|
ibm
|
bigfix_platform
|
IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request.
|
CWE-20
Improper Input Validation
|
CVE-2016-6084
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
