IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172.
Max CVSS
5.9
EPSS Score
0.10%
Published
2018-04-20
Updated
2018-05-22
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184.
Max CVSS
5.9
EPSS Score
0.15%
Published
2018-04-20
Updated
2018-05-22
IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 improperly allows self-signed certificates, which might allow remote attackers to conduct spoofing attacks via unspecified vectors. IBM X-Force ID: 105200.
Max CVSS
5.9
EPSS Score
0.13%
Published
2018-03-27
Updated
2018-04-23
IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors.
Max CVSS
5.9
EPSS Score
0.21%
Published
2016-01-27
Updated
2016-01-28
GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision.
Max CVSS
5.9
EPSS Score
0.28%
Published
2016-01-18
Updated
2016-12-07
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.
Max CVSS
5.9
EPSS Score
0.52%
Published
2017-02-08
Updated
2017-11-15
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
Max CVSS
5.9
EPSS Score
0.09%
Published
2016-05-17
Updated
2016-11-28
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors.
Max CVSS
5.9
EPSS Score
0.19%
Published
2016-07-01
Updated
2016-11-28
WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
Max CVSS
5.9
EPSS Score
0.22%
Published
2016-08-30
Updated
2016-11-28
IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.
Max CVSS
5.9
EPSS Score
0.08%
Published
2018-08-13
Updated
2019-10-09
IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.
Max CVSS
5.9
EPSS Score
0.26%
Published
2016-11-25
Updated
2016-11-30
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Max CVSS
5.9
EPSS Score
0.14%
Published
2017-02-01
Updated
2020-10-27
Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques.
Max CVSS
5.9
EPSS Score
0.12%
Published
2017-02-22
Updated
2017-07-12
IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Max CVSS
5.9
EPSS Score
0.12%
Published
2017-02-08
Updated
2017-02-16
IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Max CVSS
5.9
EPSS Score
0.11%
Published
2017-02-02
Updated
2017-02-15
IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Max CVSS
5.9
EPSS Score
0.14%
Published
2017-02-01
Updated
2017-02-07
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL.
Max CVSS
5.9
EPSS Score
0.22%
Published
2016-10-06
Updated
2016-11-28
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 116881.
Max CVSS
5.9
EPSS Score
0.14%
Published
2017-08-14
Updated
2017-08-20
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Max CVSS
5.9
EPSS Score
0.14%
Published
2017-02-02
Updated
2017-02-07
IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.
Max CVSS
5.9
EPSS Score
0.16%
Published
2017-02-01
Updated
2017-02-09
IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851.
Max CVSS
5.9
EPSS Score
0.15%
Published
2017-04-26
Updated
2017-07-11
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Max CVSS
5.9
EPSS Score
0.14%
Published
2017-02-01
Updated
2017-02-13
IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 120208.
Max CVSS
5.9
EPSS Score
0.11%
Published
2017-06-27
Updated
2017-06-30
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431.
Max CVSS
5.9
EPSS Score
0.15%
Published
2017-06-08
Updated
2017-06-15
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675.
Max CVSS
5.9
EPSS Score
0.08%
Published
2019-02-05
Updated
2019-10-09
1794 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!