Ibm Bigfix Platform vulnerabilities

CVE-2016-0297 [LOW] CWE-200 CVE-2016-0297: IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques.

CVE-2016-0296 [LOW] CWE-532 CVE-2016-0296: IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive informatio IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.

CVE-2016-0293 [MEDIUM] CWE-79 CVE-2016-0293: Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9 Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file.

CVE-2016-0269 [MEDIUM] CWE-79 CVE-2016-0269: Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9. Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.