|
270621
|
6.5 |
MEDIUM
Local
|
ibm
|
tivoli_storage_manager
tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware
|
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
|
CWE-255
Credentials Management
|
CVE-2016-6110
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270622
|
7.5 |
HIGH
Network
|
ibm
|
urbancode_deploy
|
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties.
|
CWE-200
Information Exposure
|
CVE-2016-6068
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270623
|
3.1 |
LOW
Network
|
ibm
|
forms_experience_builder
|
IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2016-6001
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270624
|
3.7 |
LOW
Network
|
ibm
|
sterling_selling_and_fulfillment_foundation
|
IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error pa…
|
CWE-200
Information Exposure
|
CVE-2016-5953
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270625
|
5.4 |
MEDIUM
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5942
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270626
|
5.7 |
MEDIUM
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitra…
|
CWE-22
Path Traversal
|
CVE-2016-5941
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270627
|
5.4 |
MEDIUM
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5940
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270628
|
3.3 |
LOW
Local
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system.
|
CWE-200
Information Exposure
|
CVE-2016-5938
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270629
|
6.1 |
MEDIUM
Network
|
ibm
|
inotes
|
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5881
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270630
|
5.3 |
MEDIUM
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information.
|
CWE-200
Information Exposure
|
CVE-2016-6117
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
