Monthly Archive: February 2017

IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to...

IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system. Date published : 2017-02-01 http://www.securityfocus.com/bid/96132 http://www.ibm.com/support/docview.wss?uid=swg21995340

IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names. Date published : 2017-02-01 http://www.securityfocus.com/bid/96124 http://www.ibm.com/support/docview.wss?uid=swg21995348

IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. Date published : 2017-02-01 http://www.securityfocus.com/bid/96130 http://www.ibm.com/support/docview.wss?uid=swg21995360

IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. Date published : 2017-02-01 http://www.securityfocus.com/bid/96114 http://www.ibm.com/support/docview.wss?uid=swg21995436

IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. Date published : 2017-02-01 http://www.ibm.com/support/docview.wss?uid=swg21995519

IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code. Date...

IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. Date published : 2017-02-01 http://www.securityfocus.com/bid/95109 https://www.ibm.com/support/docview.wss?uid=swg21996097

IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. Date...

IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user. Date published : 2017-02-01 http://www.securityfocus.com/bid/95978 http://www.ibm.com/support/docview.wss?uid=swg2C1000220

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session....

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session....