Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-15 | CVE-2015-7444 | Information Exposure vulnerability in IBM Websphere Commerce 7.0.0.8/7.0.0.9 The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows attackers to obtain sensitive information via unspecified vectors. | 5.3 |
| 2016-02-15 | CVE-2015-7408 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority. | 3.7 |
| 2016-02-15 | CVE-2015-7398 | Cross-site Scripting vulnerability in IBM Emptoris Contract Management Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |
| 2016-02-15 | CVE-2015-5050 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Contract Management Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
| 2016-02-15 | CVE-2015-5042 | Improper Input Validation vulnerability in IBM Emptoris Contract Management IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file. | 7.5 |
| 2016-02-15 | CVE-2015-5012 | Cryptographic Issues vulnerability in IBM products The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | 7.5 |
| 2016-02-15 | CVE-2015-5010 | 7PK - Security Features vulnerability in IBM products IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | 7.5 |
| 2016-02-15 | CVE-2015-4991 | Information Exposure vulnerability in IBM Spss Modeler IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 includes unspecified cleartext data in memory dumps, which allows local users to obtain sensitive information by reading a dump file. | 4.0 |
| 2016-02-15 | CVE-2015-4957 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.1.0 Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |
| 2016-02-15 | CVE-2015-4956 | OS Command Injection vulnerability in IBM Qradar Security Information and Event Manager 7.1.0 The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors. | 7.4 |