CVE-2016-8233
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.
Source: CVE-2016-8233
[월:] 2017년 03월
CVE-2016-5932 (connections)
CVE-2016-5932 (connections)
IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294.
Source: CVE-2016-5932 (connections)
CVE-2016-2879 (qradar_security_information_and_event_manager)
CVE-2016-2879 (qradar_security_information_and_event_manager)
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.
Source: CVE-2016-2879 (qradar_security_information_and_event_manager)
CVE-2016-2880 (qradar_security_information_and_event_manager)
CVE-2016-2880 (qradar_security_information_and_event_manager)
IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340.
Source: CVE-2016-2880 (qradar_security_information_and_event_manager)
CVE-2017-3826 (netflow_generation_appliance_software)
CVE-2017-3826 (netflow_generation_appliance_software)
A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) with software before 1.1(1a) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition. The vulnerability is due to incomplete validation of SCTP packets being monitored on the NGA data ports. An attacker could exploit this vulnerability by sending malformed SCTP packets on a network that is monitored by an NGA data port. SCTP packets addressed to the IP address of the NGA itself will not trigger this vulnerability. An exploit could allow the attacker to cause the appliance to become unresponsive or reload, causing a DoS condition. User interaction could be needed to recover the device using the reboot command from the CLI. The following Cisco NetFlow Generation Appliances are vulnerable: NGA 3140, NGA 3240, NGA 3340. Cisco Bug IDs: CSCvc83320.
Source: CVE-2017-3826 (netflow_generation_appliance_software)
CVE-2016-9992 (kenexa_lcms_premier)
CVE-2016-9992 (kenexa_lcms_premier)
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067.
CVE-2016-9994 (kenexa_lcms_premier)
CVE-2016-9994 (kenexa_lcms_premier)
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805.
CVE-2016-9993 (kenexa_lcms_premier)
CVE-2016-9993 (kenexa_lcms_premier)
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067.
CVE-2016-5932
CVE-2016-5932
IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294.
Source: CVE-2016-5932
CVE-2016-2879
CVE-2016-2879
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.
Source: CVE-2016-2879