CVE-2016-9748

IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system.

Source: CVE-2016-9748

CVE-2016-2866

An specified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user.

Source: CVE-2016-2866

CVE-2017-1128

IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Source: CVE-2017-1128

CVE-2015-5013

The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.

Source: CVE-2015-5013

CVE-2016-6032

IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Source: CVE-2016-6032

CVE-2017-2765

EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system.

Source: CVE-2017-2765

CVE-2016-10213

A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.

Source: CVE-2016-10213

CVE-2016-0270

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.

Source: CVE-2016-0270

CVE-2016-8492

The implementation of an ANSI X9.31 RNG in Fortinet FortiWLC allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.

Source: CVE-2016-8492

CVE-2016-10212

Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product.

Source: CVE-2016-10212