Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2017-05-03 CVE-2016-0382 Information Exposure vulnerability in IBM Tealeaf Consumer Experience
The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS.
local
low complexity
ibm CWE-200
4.0
2017-04-28 CVE-2017-1194 Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-04-28 CVE-2017-1141 Information Exposure vulnerability in IBM Insights Foundation for Energy 1.0/1.5/1.6
IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages.
network
low complexity
ibm CWE-200
4.3
2017-04-26 CVE-2017-1170 Unspecified vulnerability in IBM Websphere Commerce
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session.
local
low complexity
ibm
5.3
2017-04-26 CVE-2016-8962 Credentials Management vulnerability in IBM Bigfix Inventory 9.0/9.2
IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
high complexity
ibm CWE-255
5.9
2017-04-26 CVE-2016-8924 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.1/7.5/7.6
IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier.
network
high complexity
ibm CWE-79
5.6
2017-04-25 CVE-2017-1274 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino
IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name.
network
low complexity
ibm CWE-119
8.8
2017-04-25 CVE-2017-1149 XXE vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
8.1
2017-04-24 CVE-2015-0107 Path Traversal vulnerability in IBM products
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.
network
low complexity
ibm CWE-22
6.5
2017-04-24 CVE-2015-0104 Improper Access Control vulnerability in IBM products
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors.
network
low complexity
ibm CWE-284
8.8