Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-6068 | Information Exposure vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. | 7.5 |
| 2017-02-01 | CVE-2016-6001 | Server-Side Request Forgery (SSRF) vulnerability in IBM Forms Experience Builder 8.5/8.5.1/8.6.0 IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources. | 3.1 |
| 2017-02-01 | CVE-2016-5953 | Information Exposure vulnerability in IBM Sterling Selling and Fulfillment Foundation IBM Sterling Order Management transmits the session identifier within the URL. | 3.7 |
| 2017-02-01 | CVE-2016-5942 | Cross-site Scripting vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. | 5.4 |
| 2017-02-01 | CVE-2016-5941 | Path Traversal vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. | 5.7 |
| 2017-02-01 | CVE-2016-5940 | Cross-site Scripting vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. | 5.4 |
| 2017-02-01 | CVE-2016-5938 | Information Exposure vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2017-02-01 | CVE-2016-5881 | Cross-site Scripting vulnerability in IBM Inotes IBM iNotes is vulnerable to cross-site scripting. | 6.1 |
| 2017-02-01 | CVE-2016-2992 | Cross-site Scripting vulnerability in IBM Biginsights 4.2 IBM Infosphere BigInsights is vulnerable to cross-site scripting. | 5.4 |
| 2017-02-01 | CVE-2016-2942 | Improper Access Control vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. | 7.5 |