Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-6080 Information Exposure vulnerability in IBM Websphere Message Broker 8.0
The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker.
network
low complexity
ibm CWE-200
5.3
2017-02-01 CVE-2016-6072 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-6065 OS Command Injection vulnerability in IBM Security Guardium
IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root.
local
low complexity
ibm CWE-78
7.8
2017-02-01 CVE-2016-6061 Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management
IBM Jazz Foundation is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-6059 XXE vulnerability in IBM products
IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
8.1
2017-02-01 CVE-2016-6054 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
IBM Jazz Foundation is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-6047 Cross-site Scripting vulnerability in IBM Jazz Reporting Service 6.0.2
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-6046 Cross-site Scripting vulnerability in IBM Tivoli Storage Manager
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-6045 Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Storage Manager
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-02-01 CVE-2016-6044 Improper Access Control vulnerability in IBM Tivoli Storage Manager
IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy.
network
low complexity
ibm CWE-284
4.3