Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-0396 Command Injection vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected.
network
high complexity
ibm CWE-77
8.1
2017-02-01 CVE-2016-0394 Permission Issues vulnerability in IBM Integration BUS and Websphere Message Broker
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.
local
low complexity
ibm CWE-275
3.3
2017-02-01 CVE-2016-0297 Information Exposure vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques.
network
high complexity
ibm CWE-200
3.7
2017-02-01 CVE-2016-0296 Information Exposure Through Log Files vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
local
low complexity
ibm CWE-532
3.3
2017-02-01 CVE-2016-0265 Cross-site Scripting vulnerability in IBM Campaign
IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2017-3792 Improper Input Validation vulnerability in Cisco Telepresence MCU Software
A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
critical
9.8
2017-02-01 CVE-2017-3791 Improper Authentication vulnerability in Cisco Prime Home
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges.
network
low complexity
cisco CWE-287
critical
10.0
2017-02-01 CVE-2017-3790 Improper Input Validation vulnerability in Cisco products
A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
8.6
2017-02-01 CVE-2016-9225 Resource Management Errors vulnerability in Cisco ASA CX Context-Aware Security Software
A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-399
8.6
2017-02-01 CVE-2016-10079 Improper Input Validation vulnerability in SAP Saplpd 7400.3.11.33
SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.
network
low complexity
sap CWE-20
7.5