Vendor CVEs
IBM
All CVEs
8,260 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | Vendor / Product | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1515 | Med | 0.28 | 4.3 | 0.01 | Jan 26, 2018 | IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825. | ||
| CVE-2015-7484 | Med | 0.28 | 4.3 | 0.01 | Jan 16, 2018 | IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. IBM X-Force… | ||
| CVE-2017-1727 | Med | 0.28 | 4.3 | 0.01 | Jan 4, 2018 | IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869. | ||
| CVE-2017-1557 | Med | 0.28 | 4.3 | 0.01 | Jan 2, 2018 | IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. | ||
| CVE-2017-1191 | Med | 0.28 | 4.3 | 0.01 | Dec 27, 2017 | An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661. | ||
| CVE-2017-1257 | Med | 0.28 | 4.3 | 0.01 | Dec 20, 2017 | IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684. | ||
| CVE-2017-1507 | Med | 0.28 | 4.3 | 0.01 | Dec 11, 2017 | IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619. | ||
| CVE-2017-1481 | Med | 0.28 | 4.3 | 0.01 | Dec 7, 2017 | IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. IBM X-Force ID: 128619. | ||
| CVE-2017-1342 | Med | 0.28 | 4.3 | 0.01 | Dec 7, 2017 | IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could be used to conduct further attacks. IBM X-Force ID: 126457. | ||
| CVE-2017-1570 | Med | 0.28 | 4.3 | 0.01 | Nov 27, 2017 | IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852. | ||
| CVE-2017-1484 | Med | 0.28 | 4.3 | 0.01 | Nov 27, 2017 | IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622. | ||
| CVE-2017-1283 | Med | 0.28 | 4.3 | 0.01 | Nov 27, 2017 | IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144. | ||
| CVE-2017-1251 | Med | 0.28 | 4.3 | 0.01 | Nov 27, 2017 | An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631. | ||
| CVE-2017-1240 | Med | 0.28 | 4.3 | 0.01 | Nov 27, 2017 | IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359. | ||
| CVE-2016-6024 | Med | 0.28 | 4.3 | 0.01 | Nov 27, 2017 | IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868. | ||
| CVE-2017-1226 | Med | 0.28 | 4.3 | 0.01 | Oct 26, 2017 | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks against the system. IBM X-Force ID: 123905. | ||
| CVE-2017-1295 | Med | 0.28 | 4.3 | 0.01 | Oct 25, 2017 | IBM RSA DM contains an unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157. | ||
| CVE-2017-1241 | Med | 0.28 | 4.3 | 0.01 | Oct 25, 2017 | An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523. | ||
| CVE-2017-1555 | Med | 0.28 | 4.3 | 0.01 | Sep 25, 2017 | IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545. | ||
| CVE-2016-2976 | Med | 0.28 | 4.3 | 0.01 | Aug 29, 2017 | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936. | ||
| CVE-2016-2966 | Med | 0.28 | 4.3 | 0.01 | Aug 29, 2017 | IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847. | ||
| CVE-2016-0358 | Med | 0.28 | 4.3 | 0.01 | Aug 29, 2017 | IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928. | ||
| CVE-2016-2977 | Med | 0.28 | 4.3 | 0.01 | Aug 29, 2017 | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users' hands in the meeting. IBM X-Force ID: 113937. | ||
| CVE-2016-2969 | Med | 0.28 | 4.3 | 0.01 | Aug 29, 2017 | IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850. | ||
| CVE-2016-2959 | Med | 0.28 | 4.3 | 0.01 | Aug 29, 2017 | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary manager's privileges. IBM X-Force ID: 113804. | ||
| CVE-2016-10503 | Med | 0.28 | 4.3 | 0.01 | Aug 29, 2017 | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. IBM X-Force ID: 113803. | ||
| CVE-2016-2970 | Med | 0.28 | 4.3 | 0.01 | Aug 29, 2017 | IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851. | ||
| CVE-2017-1377 | Med | 0.28 | 4.3 | 0.01 | Aug 10, 2017 | IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system. IBM X-Force ID: 126874. | ||
| CVE-2017-1357 | Med | 0.28 | 4.3 | 0.01 | Aug 9, 2017 | IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684. | ||
| CVE-2016-6018 | Med | 0.28 | 4.3 | 0.01 | Jul 19, 2017 | IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738. | ||
| CVE-2017-1157 | Med | 0.28 | 4.3 | 0.01 | Jul 5, 2017 | IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788. | ||
| CVE-2016-9700 | Med | 0.28 | 4.3 | 0.01 | Jul 5, 2017 | IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528. | ||
| CVE-2017-1326 | Med | 0.28 | 4.3 | 0.01 | Jun 22, 2017 | IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060. | ||
| CVE-2017-1099 | Med | 0.28 | 4.3 | 0.03 | Jun 13, 2017 | IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659. | ||
| CVE-2016-8987 | Med | 0.28 | 4.3 | 0.01 | Jun 8, 2017 | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view. | ||
| CVE-2016-3051 | Med | 0.28 | 4.3 | 0.01 | Jun 7, 2017 | IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714. | ||
| CVE-2016-9735 | Med | 0.28 | 4.3 | 0.01 | May 15, 2017 | IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781. | ||
| CVE-2017-1141 | Med | 0.28 | 4.3 | 0.01 | Apr 28, 2017 | IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907. | ||
| CVE-2016-9978 | Med | 0.28 | 4.3 | 0.01 | Apr 20, 2017 | IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254. | ||
| CVE-2016-8923 | Med | 0.28 | 4.3 | 0.01 | Apr 20, 2017 | IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536. | ||
| CVE-2017-1152 | Med | 0.28 | 4.3 | 0.01 | Apr 14, 2017 | IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293. | ||
| CVE-2016-8926 | Med | 0.28 | 4.3 | 0.01 | Apr 14, 2017 | IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539. | ||
| CVE-2017-1171 | Med | 0.28 | 4.3 | 0.01 | Mar 31, 2017 | The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083. | ||
| CVE-2017-1155 | Med | 0.28 | 4.3 | 0.01 | Mar 20, 2017 | IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference #: 1999754. | ||
| CVE-2016-8973 | Med | 0.28 | 4.3 | 0.01 | Mar 20, 2017 | IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960. | ||
| CVE-2016-9730 | Med | 0.28 | 4.3 | 0.00 | Mar 7, 2017 | IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1999549. | ||
| CVE-2016-6060 | Med | 0.28 | 4.3 | 0.01 | Feb 15, 2017 | An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547. | ||
| CVE-2016-0308 | Med | 0.28 | 4.3 | 0.01 | Feb 8, 2017 | IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images. | ||
| CVE-2016-0307 | Med | 0.28 | 4.3 | 0.01 | Feb 8, 2017 | IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses. | ||
| CVE-2016-9748 | Med | 0.28 | 4.3 | 0.01 | Feb 8, 2017 | IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system. |