IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system. Date published : 2017-02-01 http://www.securityfocus.com/bid/95308 http://www.ibm.com/support/docview.wss?uid=swg21995014
IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. Date published : 2017-02-01 http://www.securityfocus.com/bid/95902 http://www.ibm.com/support/docview.wss?uid=swg21995019
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information...
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. Date published : 2017-02-01 http://www.securityfocus.com/bid/95282 http://www.ibm.com/support/docview.wss?uid=swg21995029
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this...
IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within...
IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server. Date published : 2017-02-01 http://www.securityfocus.com/bid/94916 http://www.ibm.com/support/docview.wss?uid=swg21995128
IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Date published : 2017-02-01...
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that...
IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on...
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Date published : 2017-02-01 http://www.securityfocus.com/bid/95443 http://www.ibm.com/support/docview.wss?uid=swg21992072
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Date published : 2017-02-01 http://www.securityfocus.com/bid/95451 http://www.ibm.com/support/docview.wss?uid=swg21992072