Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-2942 | Improper Access Control vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. | 7.5 |
| 2017-02-01 | CVE-2016-2941 | Information Exposure vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user. | 5.5 |
| 2017-02-01 | CVE-2016-2924 | Cross-site Scripting vulnerability in IBM Biginsights 4.2 IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. | 5.4 |
| 2017-02-01 | CVE-2016-0320 | Improper Access Control vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. | 4.3 |
| 2017-02-01 | CVE-2016-0218 | Cross-site Scripting vulnerability in IBM Cognos Business Intelligence IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. | 5.4 |
| 2017-02-01 | CVE-2016-0217 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. | 5.4 |
| 2017-02-01 | CVE-2016-8967 | Credentials Management vulnerability in IBM Bigfix Inventory and License Metric Tool IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. | 5.5 |
| 2017-02-01 | CVE-2016-6117 | Information Exposure vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information. | 5.3 |
| 2017-02-01 | CVE-2016-6105 | Improper Access Control vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 8.2 |
| 2017-02-01 | CVE-2016-0371 | Unspecified vulnerability in IBM Tivoli Storage Manager The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled. | 5.5 |