Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-5937 Cross-Site Request Forgery (CSRF) vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-02-01 CVE-2016-5899 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-5898 7PK - Security Features vulnerability in IBM Jazz Reporting Service
IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization.
network
low complexity
ibm CWE-254
4.3
2017-02-01 CVE-2016-5897 Cross-site Scripting vulnerability in IBM Jazz Reporting Service 6.0/6.0.1/6.0.2
IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-5896 Information Exposure vulnerability in IBM products
IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.
network
low complexity
ibm CWE-200
5.3
2017-02-01 CVE-2016-5884 Cross-site Scripting vulnerability in IBM Domino and Inotes
IBM iNotes is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-02-01 CVE-2016-5882 Cross-site Scripting vulnerability in IBM Domino and Inotes
IBM iNotes is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-02-01 CVE-2016-5880 Cross-site Scripting vulnerability in IBM Domino and Inotes
IBM iNotes is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-3053 Permissions, Privileges, and Access Controls vulnerability in IBM AIX
IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.
local
low complexity
ibm CWE-264
7.8
2017-02-01 CVE-2016-3046 SQL Injection vulnerability in IBM products
IBM Security Access Manager for Web is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
2.7