Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2016-3053 IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | N/A | NONE | β | 0 |
| CVE-2016-5880 IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to crede... | N/A | NONE | β | 0 |
| CVE-2016-5882 IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to crede... | N/A | NONE | β | 0 |
| CVE-2016-9097 The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain ci... | N/A | NONE | β | 0 |
| CVE-2016-5896 IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser. | N/A | NONE | β | 0 |
| CVE-2016-5897 IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the securi... | N/A | NONE | β | 0 |
| CVE-2016-5898 IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit thi... | N/A | NONE | β | 0 |
| CVE-2016-5899 IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent... | N/A | NONE | β | 0 |
| CVE-2016-6085 IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. | N/A | NONE | β | 0 |
| CVE-2016-5937 IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts... | N/A | NONE | β | 0 |
| CVE-2016-5939 IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the ... | N/A | NONE | β | 0 |
| CVE-2016-5948 IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent... | N/A | NONE | β | 0 |
| CVE-2016-5949 IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request. | N/A | NONE | β | 0 |
| CVE-2016-5950 IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user. | N/A | NONE | β | 0 |
| CVE-2016-2941 IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user. | N/A | NONE | β | 0 |
| CVE-2016-5951 IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent... | N/A | NONE | β | 0 |
| CVE-2016-5952 IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete informatio... | N/A | NONE | β | 0 |
| CVE-2016-5958 IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting... | N/A | NONE | β | 0 |
| CVE-2016-5964 IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | N/A | NONE | β | 0 |
| CVE-2016-5966 IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An at... | N/A | NONE | β | 0 |
| CVE-2016-5980 IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent... | N/A | NONE | β | 0 |
| CVE-2016-5984 IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted UR... | N/A | NONE | β | 0 |
| CVE-2016-5985 The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary... | N/A | NONE | β | 0 |
| CVE-2016-5988 IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user. | N/A | NONE | β | 0 |
| CVE-2016-5990 IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server. | N/A | NONE | β | 0 |
| CVE-2016-5994 IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents. | N/A | NONE | β | 0 |
| CVE-2016-6000 IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent... | N/A | NONE | β | 0 |
| CVE-2016-6020 IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a r... | N/A | NONE | β | 0 |
| CVE-2016-6028 IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view. | N/A | NONE | β | 0 |
| CVE-2016-6030 IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... | N/A | NONE | β | 0 |
| CVE-2016-6034 IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges. | N/A | NONE | β | 0 |
| CVE-2016-6039 IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent... | N/A | NONE | β | 0 |
| CVE-2016-6040 IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced. | N/A | NONE | β | 0 |
| CVE-2016-6042 IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafted... | N/A | NONE | β | 0 |
| CVE-2016-6043 Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. | N/A | NONE | β | 0 |
| CVE-2016-6044 IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy. | N/A | NONE | β | 0 |
| CVE-2016-6061 IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... | N/A | NONE | β | 0 |
| CVE-2016-6045 IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the we... | N/A | NONE | β | 0 |
| CVE-2016-6046 IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function... | N/A | NONE | β | 0 |
| CVE-2016-6047 IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent... | N/A | NONE | β | 0 |
| CVE-2016-6054 IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... | N/A | NONE | β | 0 |
| CVE-2016-6059 IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabil... | N/A | NONE | β | 0 |
| CVE-2016-6065 IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. | N/A | NONE | β | 0 |
| CVE-2016-6072 IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... | N/A | NONE | β | 0 |
| CVE-2016-6080 The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker. | N/A | NONE | β | 0 |
| CVE-2016-6082 IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary ... | N/A | NONE | β | 0 |
| CVE-2016-6084 IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request. | N/A | NONE | β | 0 |
| CVE-2016-2942 IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. | N/A | NONE | β | 0 |
| CVE-2016-6090 IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial o... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-6113 IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to creden... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.