Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2017-2766 — Emc Documentum_eroom: Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-6103 — Ibm Security_key_lifecycle_manager: Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. CVSSv3.1 8.8 (HIGH)
CVE-2016-6095 — Ibm Security_key_lifecycle_manager: Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5600 — Netapp Oncommand_insight: The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to
The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5219 — Sagecrm Sagecrm: The Component Manager functionality, provided by SageCRM, permits additional components to be added to
An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component file, which will be extracted to the inf directory outside of the webroot. By creating a zip file containing an empty .ecf file, to pass file-validation checks, any other file provided CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5218 — Sagecrm Sagecrm: A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3.
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable can be populated from the URL, and when supplied non-expected characters, can be manipulated to obtain access to the underlying database. The /CRM/CustomPages/ACCPAC/AP_DocumentUI.asp CVSSv3.1 8.8 (HIGH)
CVE-2016-8938 — Ibm Urbancode_deploy: UrbanCode Deploy could allow a user to execute code using a specially crafted
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications. CVSSv3.1 10.0 (CRITICAL)
CVE-2016-8932 — Ibm Kenexa_lms: Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. CVSSv3.1 8.8 (HIGH)
CVE-2016-8931 — Ibm Kenexa_lms: Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. CVSSv3.1 8.8 (HIGH)
CVE-2016-6105 — Ibm Security_key_lifecycle_manager: Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. CVSSv3.1 8.2 (HIGH)
CVE-2016-8980 — Ibm License_metric_tool: BigFix Inventory v9 is vulnerable to a denial of service, caused by an
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. CVSSv3.1 8.1 (HIGH)
CVE-2016-8941 — Ibm Spectrum_control: Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow
IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. CVSSv3.1 8.8 (HIGH)
CVE-2016-8921 — Ibm Filenet_workplace_xt: FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which
IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. CVSSv3.1 8.8 (HIGH)
CVE-2016-6124 — Ibm Kenexa_lms_on_cloud: Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. CVSSv3.1 8.8 (HIGH)
CVE-2016-6090 — Ibm Websphere_commerce: WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal
IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-6082 — Ibm Bigfix_platform: BigFix Platform could allow a remote attacker to execute arbitrary code on the
IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system. CVSSv3.1 10.0 (CRITICAL)
CVE-2016-6059 — Ibm Infosphere_datastage: InfoSphere Information Server is vulnerable to a denial of service, caused by an
IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. CVSSv3.1 8.1 (HIGH)
CVE-2016-6045 — Ibm Tivoli_storage_manager: Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. CVSSv3.1 8.8 (HIGH)
CVE-2016-5964 — Ibm Security_privileged_identity_manager: Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout
IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-5952 — Ibm Kenexa_lcms_premier: Kenexa LCMS Premier on Cloud is vulnerable to SQL injection.
IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. CVSSv3.1 8.8 (HIGH)
CVE-2016-5937 — Ibm Kenexa_lcms_premier: Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. CVSSv3.1 8.8 (HIGH)
CVE-2016-3029 — Ibm Security_access_manager_9.0_firmware: Security Access Manager for Web is vulnerable to cross-site request forgery which could
IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. CVSSv3.1 8.8 (HIGH)
CVE-2016-2908 — Ibm Security_access_manager_9.0_firmware: Single Sign On for Bluemix could allow a remote attacker to obtain sensitive
IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service. CVSSv3.1 9.1 (CRITICAL)
CVE-2016-0396 — Ibm Bigfix_platform: Tivoli Endpoint Manager could allow a user under special circumstances to inject commands
IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. CVSSv3.1 8.1 (HIGH)
CVE-2017-3792 — Cisco Telepresence_mcu_software: A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint
A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough cont CVSSv3.1 9.8 (CRITICAL)