Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-02 | CVE-2016-6095 | Improper Access Control vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
| 2017-02-01 | CVE-2016-9008 | Improper Access Control vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. | 7.5 |
| 2017-02-01 | CVE-2016-8938 | Improper Access Control vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. | 10.0 |
| 2017-02-01 | CVE-2016-8932 | Improper Access Control vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | 8.8 |
| 2017-02-01 | CVE-2016-8931 | Improper Access Control vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | 8.8 |
| 2017-02-01 | CVE-2016-2942 | Improper Access Control vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. | 7.5 |
| 2017-02-01 | CVE-2016-0320 | Improper Access Control vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. | 4.3 |
| 2017-02-01 | CVE-2016-6105 | Improper Access Control vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 8.2 |
| 2017-02-01 | CVE-2016-8942 | Improper Access Control vulnerability in IBM products IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server. | 3.1 |
| 2017-02-01 | CVE-2016-6085 | Improper Access Control vulnerability in IBM Bigfix Platform IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. | 6.5 |