Ibm Tivoli Endpoint Manager vulnerabilities

9 known vulnerabilities affecting ibm/tivoli_endpoint_manager.

Total CVEs

9

CISA KEV

0

Public exploits

1

Exploited in wild

0

Severity breakdown

MEDIUM8LOW1

Vulnerabilities

Page 1 of 1

CVE-2012-0718MEDIUMCVSS 5.4v8.0v82020-02-18

CVE-2012-0718 [MEDIUM] CVE-2012-0718: IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies. IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies.

CVE-2014-6113MEDIUMCVSS 4.3≤ 9.1.11172015-02-16

CVE-2014-6113 [MEDIUM] CWE-79 CVE-2014-6113: Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-6137MEDIUMCVSS 4.3PoC≤ 9.1.11172015-02-16

CVE-2014-6137 [MEDIUM] CWE-79 CVE-2014-6137: Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-3066MEDIUMCVSS 5.0v9.12014-07-02

CVE-2014-3066 [MEDIUM] CWE-200 CVE-2014-3066: IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files vi IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVE-2013-0452MEDIUMCVSS 6.8v8.22013-03-29

CVE-2013-0452 [MEDIUM] CWE-352 CVE-2013-0452: Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application befor Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages.

CVE-2013-0453LOWCVSS 3.5≤ 8.2v8.0+1 more2013-03-21

CVE-2013-0453 [LOW] CWE-79 CVE-2013-0453: Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2012-4841MEDIUMCVSS 5.0v8.22012-11-29

CVE-2012-4841 [MEDIUM] CWE-399 CVE-2012-4841: Unspecified vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 before 8.2.1-TIV- Unspecified vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 before 8.2.1-TIV-TEMRC821-IF0002 allows remote attackers to cause a denial of service (resource consumption) via unknown vectors.

CVE-2012-0719MEDIUMCVSS 4.3v8.0v8.1+1 more2012-03-22

CVE-2012-0719 [MEDIUM] CWE-79 CVE-2012-0719: Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 a Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to the webreports program.

CVE-2012-1837MEDIUMCVSS 5.0≤ 8.1v8.02012-03-22

CVE-2012-1837 [MEDIUM] CWE-200 CVE-2012-1837: The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint M The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.