Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-02-08 CVE-2016-0310 Cross-site Scripting vulnerability in IBM Connections
IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.
network
ibm CWE-79
3.5
2017-02-08 CVE-2016-0308 Improper Access Control vulnerability in IBM Connections
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.
network
low complexity
ibm CWE-284
4.0
2017-02-08 CVE-2016-0307 Information Exposure vulnerability in IBM Connections
IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.
network
low complexity
ibm CWE-200
4.0
2017-02-08 CVE-2016-0305 Cross-site Scripting vulnerability in IBM Connections
IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
network
ibm CWE-79
3.5
2017-02-08 CVE-2016-0214 Improper Access Control vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files.
network
ibm CWE-284
6.8
2017-02-08 CVE-2016-0210 Information Exposure vulnerability in IBM Sterling B2B Integrator 5.1/5.2
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information.
network
low complexity
ibm CWE-200
5.0
2017-02-08 CVE-2016-0206 Improper Input Validation vulnerability in IBM Cloud Orchestrator
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL.
local
low complexity
ibm CWE-20
2.1
2017-02-08 CVE-2016-0203 Information Exposure vulnerability in IBM Cloud Orchestrator and Smartcloud Orchestrator
A vulnerability has been identified in the IBM Cloud Orchestrator task API.
local
low complexity
ibm CWE-200
2.1
2017-02-08 CVE-2016-0202 Information Exposure vulnerability in IBM Cloud Orchestrator
A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator.
local
low complexity
ibm CWE-200
2.1
2017-02-08 CVE-2015-7494 Improper Access Control vulnerability in IBM Cloud Orchestrator and Smartcloud Orchestrator
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API.
local
low complexity
ibm CWE-284
1.7