Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-10 | CVE-2016-5889 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Interact: IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2017-05-10 | CVE-2016-5888 | Cross-site Scripting vulnerability in IBM Interact: IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. | 5.4 |
2017-05-10 | CVE-2016-3032 | Cross-site Scripting vulnerability in IBM Cognos Analytics: IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. | 5.4 |
2017-05-05 | CVE-2017-1156 | Open Redirect vulnerability in IBM Websphere Portal 8.5/9.0: IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 8.8 |
2017-05-05 | CVE-2016-9692 | Improper Input Validation vulnerability in IBM Websphere Cast Iron Solution: IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. | 8.6 |
2017-05-05 | CVE-2016-9691 | XXE vulnerability in IBM Websphere Cast Iron Solution: IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.6 |
2017-05-05 | CVE-2016-8916 | Information Exposure vulnerability in IBM Tivoli Storage Manager: IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. | 5.5 |
2017-05-05 | CVE-2016-0255 | Cross-site Scripting vulnerability in IBM Marketing Platform: IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. | 6.1 |
2017-05-03 | CVE-2016-9976 | Improper Access Control vulnerability in IBM products: IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. | 8.4 |
2017-05-03 | CVE-2016-2930 | Improper Access Control vulnerability in IBM Bigfix Remote Control 9.1.3: IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. | 7.5 |