Shodan
Vulnerabilities
Vulnerable Software
Ibm:  >> Tivoli Endpoint Manager  Security Vulnerabilities
CVE-2012-0718
IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-02-18
CVE-2014-6137
Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.012
Published
2015-02-16
CVE-2014-6113
Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.002
Published
2015-02-16
CVE-2014-3066
IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS Score
5.0
EPSS Score
0.009
Published
2014-07-02
CVE-2013-0452
Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages.
CVSS Score
6.8
EPSS Score
0.001
Published
2013-03-29
CVE-2013-0453
Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVSS Score
3.5
EPSS Score
0.002
Published
2013-03-21
CVE-2012-4841
Unspecified vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 before 8.2.1-TIV-TEMRC821-IF0002 allows remote attackers to cause a denial of service (resource consumption) via unknown vectors.
CVSS Score
5.0
EPSS Score
0.006
Published
2012-11-29
CVE-2012-0719
Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to the webreports program.
CVSS Score
4.3
EPSS Score
0.003
Published
2012-03-22
CVE-2012-1837
The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVSS Score
5.0
EPSS Score
0.002
Published
2012-03-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved