Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-16 | CVE-2015-7486 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2018-01-16 | CVE-2015-7485 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2018-01-16 | CVE-2015-7484 | Information Exposure vulnerability in IBM Rational Engineering Lifecycle Manager IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. | 4.3 |
| 2018-01-16 | CVE-2015-7474 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2018-01-12 | CVE-2016-0336 | Cross-site Scripting vulnerability in IBM Security Identity Manager Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2018-01-12 | CVE-2016-0335 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Identity Manager Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | 8.8 |
| 2018-01-12 | CVE-2016-0332 | 7PK - Security Features vulnerability in IBM Security Identity Manager Virtual Appliance IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. | 9.8 |
| 2018-01-12 | CVE-2016-0327 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Identity Manager Virtual Appliance IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. | 7.8 |
| 2018-01-12 | CVE-2016-0324 | Command Injection vulnerability in IBM Security Identity Manager Virtual Appliance IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. | 8.8 |
| 2018-01-11 | CVE-2018-1361 | Cross-site Scripting vulnerability in IBM Websphere Portal 8.5.0.0/9.0.0.0 IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. | 6.1 |