Weekly Update: a new vulnerability is published on the National Vulnerability Database (11 items)

New vulnerabilities from the NVD: CVE-2013-3017 IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353. Published at: July 09, 2018 at 09:29PM View on website July 09, 2018 at 11:52PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-3001 Directory traversal vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to read arbitrary files via unspecified vectors. IBM X-Force ID: 84127. Published at: July 09, 2018 at 09:29PM View on website July 09, 2018 at 11:52PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-3000 SQL injection vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. IBM X-Force ID: 84116. Published at: July 09, 2018 at 09:29PM View on website July 09, 2018 at 11:52PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-2999 Cross-site scripting (XSS) vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 84115. Published at: July 09, 2018 at 09:29PM View on website July 09, 2018 at 11:52PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-2972 IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM X-Force ID: 83868. Published at: July 11, 2018 at 07:29PM View on website July 11, 2018 at 09:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-2951 IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621. Published at: July 11, 2018 at 07:29PM View on website July 11, 2018 at 09:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-0594 Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383. Published at: July 11, 2018 at 07:29PM View on website July 11, 2018 at 09:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-0592 Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815. Published at: July 11, 2018 at 07:29PM View on website July 11, 2018 at 09:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-0589 IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371. Published at: July 11, 2018 at 07:29PM View on website July 11, 2018 at 09:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2016-0708 Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script, and allow the serving of static content from within the deployed artifact. The default Apache Tomcat configuration in the affected java buildpack versions for some basic web application archive (WAR) packaged applications are vulnerable to this issue. Published at: July 11, 2018 at 11:29PM View on website July 12, 2018 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-0570 The Fibre Channel over Ethernet (FCoE) feature in IBM System Networking and Blade Network Technology (BNT) switches running IBM Networking Operating System (aka NOS, formerly BLADE Operating System) floods data frames with unknown MAC addresses out on all interfaces on the same VLAN, which might allow remote attackers to obtain sensitive information in opportunistic circumstances by eavesdropping on the broadcast domain. IBM X-Force ID: 83166. Published at: July 14, 2018 at 12:29AM View on website July 14, 2018 at 01:33AM via National Vulnerability Database