Search Results (Refine Search)
- Results Type: Overview
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-3023 |
IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names. Published: February 01, 2017; 3:59:00 PM -0500 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-3022 |
IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. Published: February 01, 2017; 3:59:00 PM -0500 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-3021 |
IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. Published: February 01, 2017; 3:59:00 PM -0500 |
V3.0: 2.7 LOW V2.0: 4.0 MEDIUM |
CVE-2016-3018 |
IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Published: February 01, 2017; 3:59:00 PM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-3017 |
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. Published: February 01, 2017; 3:59:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-3016 |
IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code. Published: February 01, 2017; 3:59:00 PM -0500 |
V3.0: 4.4 MEDIUM V2.0: 3.5 LOW |
CVE-2016-2987 |
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. Published: February 01, 2017; 3:59:00 PM -0500 |
V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-2939 |
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Published: February 01, 2017; 3:59:00 PM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-2938 |
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Published: February 01, 2017; 3:59:00 PM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-2908 |
IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service. Published: February 01, 2017; 3:59:00 PM -0500 |
V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2016-0396 |
IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. Published: February 01, 2017; 3:59:00 PM -0500 |
V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-0394 |
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. Published: February 01, 2017; 3:59:00 PM -0500 |
V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2016-0297 |
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques. Published: February 01, 2017; 3:59:00 PM -0500 |
V3.0: 3.7 LOW V2.0: 4.3 MEDIUM |
CVE-2016-0296 |
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. Published: February 01, 2017; 3:59:00 PM -0500 |
V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2016-0265 |
IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. Published: February 01, 2017; 3:59:00 PM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-3792 |
A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675. Published: February 01, 2017; 2:59:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2017-3791 |
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCvb49837. Published: February 01, 2017; 2:59:00 PM -0500 |
V3.0: 10.0 CRITICAL V2.0: 10.0 HIGH |
CVE-2017-3790 |
A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. All versions of Cisco Expressway Series Software and Cisco TelePresence VCS Software prior to version X8.8.2 are vulnerable. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCus99263. Published: February 01, 2017; 2:59:00 PM -0500 |
V3.0: 8.6 HIGH V2.0: 7.8 HIGH |
CVE-2016-9225 |
A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending crafted fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. This vulnerability affects all versions of the ASA CX Context-Aware Security module. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCva62946. Published: February 01, 2017; 2:59:00 PM -0500 |
V3.0: 8.6 HIGH V2.0: 7.8 HIGH |
CVE-2016-10079 |
SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515. Published: February 01, 2017; 2:59:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |