Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Filtered by product Bigfix Compliance
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1202 1 Ibm 1 Bigfix Compliance 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 123677.
CVE-2017-1200 1 Ibm 1 Bigfix Compliance 2024-11-21 4.3 MEDIUM 3.7 LOW
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675.
CVE-2017-1198 1 Ibm 1 Bigfix Compliance 2024-11-21 5.0 MEDIUM 3.7 LOW
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673.
CVE-2017-1177 1 Ibm 1 Bigfix Compliance 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429.