Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2016-02-15 CVE-2015-8796 Cross-site Scripting vulnerability in Apache Solr
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.
network
low complexity
apache CWE-79
6.1
2016-02-15 CVE-2015-8795 Cross-site Scripting vulnerability in Apache Solr
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.
network
low complexity
apache CWE-79
6.1
2016-02-15 CVE-2015-8531 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
6.1
2016-02-15 CVE-2015-7492 Cross-site Scripting vulnerability in IBM Infosphere Master Data Management Reference Data Management
Cross-site scripting (XSS) vulnerability in Reference Data Management (RDM) in IBM InfoSphere Master Data Management 10.1, 11.0 before FP5, 11.3, 11.4, and 11.5 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-02-15 CVE-2015-7472 Unspecified vulnerability in IBM Websphere Portal
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors.
network
low complexity
ibm
7.2
2016-02-15 CVE-2015-7444 Information Exposure vulnerability in IBM Websphere Commerce 7.0.0.8/7.0.0.9
The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows attackers to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-200
5.3
2016-02-15 CVE-2015-7408 Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager
The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.
network
high complexity
ibm CWE-264
3.7
2016-02-15 CVE-2015-7398 Cross-site Scripting vulnerability in IBM Emptoris Contract Management
Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-02-15 CVE-2015-5050 Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Contract Management
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
8.8
2016-02-15 CVE-2015-5042 Improper Input Validation vulnerability in IBM Emptoris Contract Management
IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file.
network
low complexity
ibm CWE-20
7.5