2017-02-03
2017-02-03 07:59Z
CRIT

CVE-2017-2766 — Emc Documentum_eroom: Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2766

EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system. CVSSv3.1 9.8 (CRITICAL)

CWECWE 640VNDEmcTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-02
2017-02-02 22:59Z
HIGH

CVE-2016-6103 — Ibm Security_key_lifecycle_manager: Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6103

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDIbmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-02
2017-02-02 22:59Z
CRIT

CVE-2016-6095 — Ibm Security_key_lifecycle_manager: Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6095

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. CVSSv3.1 9.8 (CRITICAL)

CWECWE 284VNDIbmTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-02
2017-02-02 15:59Z
CRIT

CVE-2017-5600 — Netapp Oncommand_insight: The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5600

The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account. CVSSv3.1 9.8 (CRITICAL)

CWECWE 798VNDNetappTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-02
2017-02-02 07:59Z
CRIT

CVE-2017-5219 — Sagecrm Sagecrm: The Component Manager functionality, provided by SageCRM, permits additional components to be added to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5219

An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component file, which will be extracted to the inf directory outside of the webroot. By creating a zip file containing an empty .ecf file, to pass file-validation checks, any other file provided CVSSv3.1 9.8 (CRITICAL)

CWECWE 22VNDSagecrmTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-02
2017-02-02 07:59Z
HIGH

CVE-2017-5218 — Sagecrm Sagecrm: A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5218

A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable can be populated from the URL, and when supplied non-expected characters, can be manipulated to obtain access to the underlying database. The /CRM/CustomPages/ACCPAC/AP_DocumentUI.asp CVSSv3.1 8.8 (HIGH)

CWECWE 89VNDSagecrmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-01
2017-02-01 22:59Z
CRIT

CVE-2016-8938 — Ibm Urbancode_deploy: UrbanCode Deploy could allow a user to execute code using a specially crafted

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8938

IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications. CVSSv3.1 10.0 (CRITICAL)

CWECWE 284VNDIbmTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-02-01
2017-02-01 22:59Z
HIGH

CVE-2016-8932 — Ibm Kenexa_lms: Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8932

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. CVSSv3.1 8.8 (HIGH)

CWECWE 284VNDIbmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-01
2017-02-01 22:59Z
HIGH

CVE-2016-8931 — Ibm Kenexa_lms: Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8931

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. CVSSv3.1 8.8 (HIGH)

CWECWE 284VNDIbmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-01
2017-02-01 21:59Z
HIGH

CVE-2016-6105 — Ibm Security_key_lifecycle_manager: Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6105

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. CVSSv3.1 8.2 (HIGH)

CWECWE 284VNDIbmTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2017-02-01
2017-02-01 20:59Z
HIGH

CVE-2016-8980 — Ibm License_metric_tool: BigFix Inventory v9 is vulnerable to a denial of service, caused by an

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8980

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. CVSSv3.1 8.1 (HIGH)

CWECWE 611VNDIbmTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-02-01
2017-02-01 20:59Z
HIGH

CVE-2016-8941 — Ibm Spectrum_control: Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8941

IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDIbmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-01
2017-02-01 20:59Z
HIGH

CVE-2016-8921 — Ibm Filenet_workplace_xt: FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8921

IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. CVSSv3.1 8.8 (HIGH)

CWECWE 434VNDIbmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-01
2017-02-01 20:59Z
HIGH

CVE-2016-6124 — Ibm Kenexa_lms_on_cloud: Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6124

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. CVSSv3.1 8.8 (HIGH)

CWECWE 434VNDIbmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-01
2017-02-01 20:59Z
CRIT

CVE-2016-6090 — Ibm Websphere_commerce: WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6090

IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service. CVSSv3.1 9.8 (CRITICAL)

VNDIbmTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-01
2017-02-01 20:59Z
CRIT

CVE-2016-6082 — Ibm Bigfix_platform: BigFix Platform could allow a remote attacker to execute arbitrary code on the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6082

IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system. CVSSv3.1 10.0 (CRITICAL)

CWECWE 416VNDIbmTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2017-02-01
2017-02-01 20:59Z
HIGH

CVE-2016-6059 — Ibm Infosphere_datastage: InfoSphere Information Server is vulnerable to a denial of service, caused by an

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6059

IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. CVSSv3.1 8.1 (HIGH)

CWECWE 611VNDIbmTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-02-01
2017-02-01 20:59Z
HIGH

CVE-2016-6045 — Ibm Tivoli_storage_manager: Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6045

IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDIbmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-01
2017-02-01 20:59Z
CRIT

CVE-2016-5964 — Ibm Security_privileged_identity_manager: Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5964

IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. CVSSv3.1 9.8 (CRITICAL)

CWECWE 284VNDIbmTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-01
2017-02-01 20:59Z
HIGH

CVE-2016-5952 — Ibm Kenexa_lcms_premier: Kenexa LCMS Premier on Cloud is vulnerable to SQL injection.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5952

IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. CVSSv3.1 8.8 (HIGH)

CWECWE 89VNDIbmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-01
2017-02-01 20:59Z
HIGH

CVE-2016-5937 — Ibm Kenexa_lcms_premier: Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5937

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDIbmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-01
2017-02-01 20:59Z
HIGH

CVE-2016-3029 — Ibm Security_access_manager_9.0_firmware: Security Access Manager for Web is vulnerable to cross-site request forgery which could

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-3029

IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDIbmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-01
2017-02-01 20:59Z
CRIT

CVE-2016-2908 — Ibm Security_access_manager_9.0_firmware: Single Sign On for Bluemix could allow a remote attacker to obtain sensitive

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-2908

IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service. CVSSv3.1 9.1 (CRITICAL)

CWECWE 611VNDIbmTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2017-02-01
2017-02-01 20:59Z
HIGH

CVE-2016-0396 — Ibm Bigfix_platform: Tivoli Endpoint Manager could allow a user under special circumstances to inject commands

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-0396

IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. CVSSv3.1 8.1 (HIGH)

CWECWE 77VNDIbmTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-02-01
2017-02-01 19:59Z
CRIT

CVE-2017-3792 — Cisco Telepresence_mcu_software: A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3792

A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough cont CVSSv3.1 9.8 (CRITICAL)

CWECWE 20VNDCiscoTYPVulnerability
9.8
CVSS v3.1
99
Edit Score