Vulnerabilities > Information Exposure

DATE CVE VULNERABILITY TITLE RISK
2016-01-01 CVE-2015-7456 Information Exposure vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors.
network
low complexity
ibm CWE-200
6.5
2016-01-01 CVE-2015-7445 Information Exposure vulnerability in IBM products
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses.
network
low complexity
ibm CWE-200
4.3
2016-01-01 CVE-2015-7421 Information Exposure vulnerability in IBM MQ Appliance M2000 8.0.0.3
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420.
network
high complexity
ibm CWE-200
3.7
2016-01-01 CVE-2015-7420 Information Exposure vulnerability in IBM MQ Appliance M2000 8.0.0.3
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421.
network
high complexity
ibm CWE-200
3.7
2015-12-31 CVE-2015-7447 Information Exposure vulnerability in IBM Websphere Portal
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-200
5.3
2015-12-31 CVE-2015-2913 Information Exposure vulnerability in Orientdb 2.0.14/2.1.0
server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class.
network
high complexity
orientdb CWE-200
5.9
2015-12-31 CVE-2015-2896 Information Exposure vulnerability in Idera Uptime Infrastructure Monitor
The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command.
network
low complexity
idera CWE-200
5.3
2015-12-31 CVE-2014-4876 Information Exposure vulnerability in Toshiba 4690 Operating System 6.3
Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138.
network
high complexity
toshiba CWE-200
3.7
2015-12-30 CVE-2015-8703 Information Exposure vulnerability in ZTE Zxhn H108N R1A Firmware and Zxv10 W300 Firmware
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.
network
low complexity
zte CWE-200
6.5
2015-12-30 CVE-2015-7787 Information Exposure vulnerability in Asus Wl-330Nul Firmware 3.0.0.41
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors.
low complexity
asus CWE-200
4.3