IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques.
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file.
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.