Ibm

Bigfix Platform

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2017-1219

  • EPSS 0.54%
  • Veröffentlicht 19.07.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859...

6.1

CVE-2017-1203

  • EPSS 0.31%
  • Veröffentlicht 19.07.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potenti...

8.8

CVE-2017-1218

  • EPSS 0.14%
  • Veröffentlicht 19.07.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858.

6.1

CVE-2017-1223

  • EPSS 0.21%
  • Veröffentlicht 19.07.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL di...

7.5

CVE-2017-1224

  • EPSS 0.14%
  • Veröffentlicht 19.07.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903.

7.8

CVE-2016-0214

  • EPSS 0.48%
  • Veröffentlicht 08.02.2017 22:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick a...

6.5

CVE-2016-6085

  • EPSS 0.18%
  • Veröffentlicht 01.02.2017 20:59:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers.

6.5

CVE-2016-6084

  • EPSS 0.19%
  • Veröffentlicht 01.02.2017 20:59:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request.

10

CVE-2016-6082

  • EPSS 7.43%
  • Veröffentlicht 01.02.2017 20:59:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system.

8.1

CVE-2016-0396

  • EPSS 0.53%
  • Veröffentlicht 01.02.2017 20:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected.