| CVE-2016-2871 | high | 7.8 | 7.8 | | | ibm | 10y ago | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file. |
| CVE-2016-2869 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML v… |
| CVE-2016-5987 | medium | 5.3 | 5.3 | | | ibm | 10y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers … |
| CVE-2016-5905 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via… |
| CVE-2016-5890 | medium | 5.3 | 5.3 | | | ibm | 10y ago | IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. |
| CVE-2016-3057 | medium | 6.1 | 6.1 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecifie… |
| CVE-2016-3014 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5… |
| CVE-2016-3009 | low | 3.5 | 3.5 | | | ibm | 10y ago | Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary use… |
| CVE-2016-3004 | medium | 4.6 | 4.6 | | | ibm | 10y ago | Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary use… |
| CVE-2016-3002 | low | 2.1 | 2.1 | | | ibm | 10y ago | IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device. |
| CVE-2016-2963 | high | 8.8 | 8.8 | | | ibm | 10y ago | Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequence… |
| CVE-2016-2958 | medium | 4.3 | 4.3 | | | ibm | 10y ago | IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response. |
| CVE-2016-2957 | medium | 4.3 | 4.3 | | | ibm | 10y ago | IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response. |
| CVE-2016-2953 | low | 3.7 | 3.7 | | | ibm | 10y ago | IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. |
| CVE-2016-2952 | low | 3.7 | 3.7 | | | ibm | 10y ago | IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. |
| CVE-2016-2951 | low | 3.7 | 3.7 | | | ibm | 10y ago | IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the … |
| CVE-2016-2950 | medium | 6.5 | 6.5 | | | ibm | 10y ago | SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2016-2949 | low | 3.3 | 3.3 | | | ibm | 10y ago | IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session. |
| CVE-2016-2948 | high | 7.8 | 7.8 | | | ibm | 10y ago | IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. |
| CVE-2016-2943 | low | 1.9 | 1.9 | | | ibm | 10y ago | IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file. |
| CVE-2016-2940 | medium | 5.3 | 5.3 | | | ibm | 10y ago | Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2016-2937 | medium | 6.5 | 6.5 | | | ibm | 10y ago | IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information vulnerabil… |
| CVE-2016-2936 | high | 7.3 | 7.3 | | | ibm | 10y ago | IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors. |
| CVE-2016-2935 | medium | 5.3 | 5.3 | | | ibm | 10y ago | The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request. |
| CVE-2016-2934 | medium | 6.1 | 6.1 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-2933 | medium | 6.8 | 6.8 | | | ibm | 10y ago | Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request. |
| CVE-2016-2932 | medium | 5.3 | 5.3 | | | ibm | 10y ago | IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors. |
| CVE-2016-2931 | medium | 5.3 | 5.3 | | | ibm | 10y ago | IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network. |
| CVE-2016-2929 | high | 8.1 | 8.1 | | | ibm | 10y ago | IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach. |
| CVE-2016-2928 | medium | 4.3 | 4.3 | | | ibm | 10y ago | IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs. |
| CVE-2016-2927 | medium | 5.9 | 5.9 | | | ibm | 10y ago | IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms … |
| CVE-2016-2926 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 … |
| CVE-2016-0319 | high | 7.5 | 7.5 | | | ibm | 10y ago | The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of… |
| CVE-2016-0318 | medium | 5.0 | 5.0 | | | ibm | 10y ago | Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by lev… |
| CVE-2016-0317 | medium | 6.5 | 6.5 | | | ibm | 10y ago | Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors. |
| CVE-2016-0316 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to… |
| CVE-2016-5992 | low | 2.5 | 2.5 | | | ibm | 10y ago | IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors. |
| CVE-2016-5991 | medium | 4.5 | 4.5 | | | ibm | 10y ago | IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors. |
| CVE-2016-5981 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT through 1.1.5.2-WPXT-LA011 and FileNet Workplace (Application Engine) through 4.0.2.14-P8AE-IF001, when RegExpSecurityFilter and S… |
| CVE-2016-5968 | medium | 5.3 | 5.3 | | | ibm | 10y ago | The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1… |
| CVE-2016-5967 | medium | 5.5 | 5.5 | | | ibm | 10y ago | The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs. |
| CVE-2016-5955 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-3025 | high | 8.1 | 8.1 | | | ibm | 10y ago | IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attac… |
| CVE-2016-2988 | high | 8.5 | 8.5 | | | ibm | 10y ago | IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated … |
| CVE-2016-2986 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6… |
| CVE-2016-2985 | high | 7.0 | 7.0 | | | ibm | 10y ago | IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via craf… |
| CVE-2016-2984 | high | 7.0 | 7.0 | | | ibm | 10y ago | IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via craf… |
| CVE-2016-2947 | low | 2.7 | 2.7 | | | ibm | 10y ago | IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18… |
| CVE-2016-2996 | medium | 6.5 | 6.5 | | | ibm | 10y ago | IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors. |
| CVE-2016-2864 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rationa… |
| CVE-2016-0378 | low | 3.7 | 3.7 | | | ibm | 10y ago | IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception. |
| CVE-2016-0372 | low | 3.7 | 3.7 | | | ibm | 10y ago | IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 … |
| CVE-2016-0353 | low | 3.7 | 3.7 | | | ibm | 10y ago | IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remot… |
| CVE-2016-0325 | medium | 6.3 | 6.3 | | | ibm | 10y ago | IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 … |
| CVE-2016-0285 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rationa… |
| CVE-2016-0284 | medium | 5.4 | 5.4 | | | ibm | 10y ago | The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 … |
| CVE-2016-0282 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYHAAHNUS. |
| CVE-2016-0273 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rationa… |
| CVE-2015-4961 | low | 2.6 | 2.6 | | | ibm | 10y ago | IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A b… |
| CVE-2016-5920 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users … |
| CVE-2016-3060 | medium | 5.7 | 5.7 | | | ibm | 10y ago | Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote aut… |
| CVE-2016-0377 | medium | 4.3 | 4.3 | | | ibm | 10y ago | The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authentica… |
| CVE-2016-0328 | high | 7.8 | 7.8 | | | ibm | 10y ago | IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execu… |
| CVE-2016-0326 | high | 8.8 | 8.8 | | | ibm | 10y ago | IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote auth… |
| CVE-2016-0247 | high | 7.8 | 7.8 | | | ibm | 10y ago | IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstr… |
| CVE-2016-0246 | medium | 6.1 | 6.1 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web scrip… |
| CVE-2016-0242 | medium | 4.3 | 4.3 | | | ibm | 10y ago | IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message. |
| CVE-2016-0241 | high | 8.8 | 8.8 | | | ibm | 10y ago | IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by se… |
| CVE-2016-0240 | low | 3.7 | 3.7 | | | ibm | 10y ago | IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier fo… |
| CVE-2016-0239 | high | 8.8 | 8.8 | | | ibm | 10y ago | IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges v… |
| CVE-2016-0236 | high | 8.8 | 8.8 | | | ibm | 10y ago | IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with ro… |
| CVE-2016-0249 | high | 8.6 | 8.6 | | | ibm | 10y ago | SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbit… |
| CVE-2016-0204 | medium | 6.8 | 6.8 | | | ibm | 10y ago | Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified ve… |
| CVE-2016-3056 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users… |
| CVE-2016-6027 | medium | 6.1 | 6.1 | | | ibm | 10y ago | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remot… |
| CVE-2016-6026 | medium | 5.3 | 5.3 | | | ibm | 10y ago | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP… |
| CVE-2016-6025 | medium | 5.9 | 5.9 | | | ibm | 10y ago | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstati… |
| CVE-2016-6023 | high | 7.5 | 7.5 | | | ibm | 10y ago | Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary… |
| CVE-2016-5983 | high | 7.5 | 7.5 | | | ibm | 10y ago | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbi… |
| CVE-2016-5901 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbi… |
| CVE-2016-5892 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated … |
| CVE-2016-5995 | high | 7.3 | 7.3 | | linux-kernel | ibm | 10y ago | Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse libra… |
| CVE-2016-5986 | high | 7.5 | 7.5 | | | ibm | 10y ago | IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote a… |
| CVE-2016-3042 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via v… |
| CVE-2016-5997 | medium | 6.5 | 6.5 | | | ibm | 10y ago | The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.122… |
| CVE-2016-5996 | high | 7.5 | 7.5 | | | ibm | 10y ago | The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.122… |
| CVE-2016-5978 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9… |
| CVE-2016-5977 | medium | 6.8 | 6.8 | | | ibm | 10y ago | Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0… |
| CVE-2016-5976 | medium | 4.9 | 4.9 | | | ibm | 10y ago | The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.122… |
| CVE-2016-5975 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9… |
| CVE-2016-5974 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary… |
| CVE-2016-5972 | medium | 6.8 | 6.8 | | | ibm | 10y ago | IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive in… |
| CVE-2016-5971 | high | 7.1 | 7.1 | | | ibm | 10y ago | IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via… |
| CVE-2016-5970 | medium | 6.5 | 6.5 | | | ibm | 10y ago | Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot do… |
| CVE-2016-5963 | high | 8.8 | 8.8 | | | ibm | 10y ago | IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspe… |
| CVE-2016-5957 | high | 7.5 | 7.5 | | | ibm | 10y ago | IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by lever… |
| CVE-2016-5947 | medium | 5.7 | 5.7 | | | ibm | 10y ago | IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. |
| CVE-2016-5946 | medium | 6.5 | 6.5 | | | ibm | 10y ago | Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a .. (dot dot… |
| CVE-2016-5945 | medium | 4.3 | 4.3 | | | ibm | 10y ago | IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request. |
| CVE-2016-5944 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary … |