|
272711
|
4.6 |
MEDIUM
Network
|
ibm
|
connections
|
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary use…
|
CWE-352
Origin Validation Error
|
CVE-2016-3004
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272712
|
2.1 |
LOW
Physics
|
ibm
|
connections
|
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device.
|
CWE-200
Information Exposure
|
CVE-2016-3002
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272713
|
8.8 |
HIGH
Network
|
ibm
|
bigfix_remote_control
|
Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequence…
|
CWE-352
Origin Validation Error
|
CVE-2016-2963
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272714
|
4.3 |
MEDIUM
Network
|
ibm
|
connections
|
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response.
|
CWE-200
Information Exposure
|
CVE-2016-2958
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272715
|
4.3 |
MEDIUM
Network
|
ibm
|
connections
|
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response.
|
CWE-200
Information Exposure
|
CVE-2016-2957
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272716
|
3.7 |
LOW
Network
|
ibm
|
connections
|
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
|
CWE-310
Cryptographic Issues
|
CVE-2016-2953
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272717
|
3.7 |
LOW
Network
|
ibm
|
bigfix_remote_control
|
IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.
|
CWE-200
Information Exposure
|
CVE-2016-2952
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272718
|
3.7 |
LOW
Network
|
ibm
|
bigfix_remote_control
|
IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the …
|
CWE-310
Cryptographic Issues
|
CVE-2016-2951
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272719
|
6.5 |
MEDIUM
Network
|
ibm
|
bigfix_remote_control
|
SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2016-2950
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272720
|
3.3 |
LOW
Local
|
ibm
|
bigfix_remote_control
|
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session.
|
CWE-200
Information Exposure
|
CVE-2016-2949
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
