Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2018-02-07 CVE-2018-1366 Unspecified vulnerability in IBM Content Navigator
IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection.
network
ibm
6.8
2018-02-07 CVE-2017-1785 Information Exposure vulnerability in IBM API Connect
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information.
network
low complexity
ibm CWE-200
4.0
2018-02-07 CVE-2017-1692 Unspecified vulnerability in IBM AIX
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.
local
low complexity
ibm
7.2
2018-02-02 CVE-2016-0342 Improper Access Control vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access.
network
low complexity
ibm CWE-284
5.5
2018-02-02 CVE-2016-0329 Open Redirect vulnerability in IBM Emptoris Sourcing
Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
ibm CWE-601
4.9
2018-02-02 CVE-2016-0312 Information Exposure vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager.
network
low complexity
ibm CWE-200
5.0
2018-02-02 CVE-2016-0311 Cross-site Scripting vulnerability in IBM Tivoli Business Service Manager 6.1.0/6.1.1
Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
2018-02-02 CVE-2016-0303 Cross-site Scripting vulnerability in IBM Tivoli Integrated Portal
Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated Portal 2.2.0.0 through 2.2.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
2018-02-02 CVE-2016-0300 Improper Input Validation vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation.
network
low complexity
ibm CWE-20
5.5
2018-01-31 CVE-2017-1773 Insufficient Verification of Data Authenticity vulnerability in IBM Datapower Gateway
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic.
network
ibm CWE-345
4.3