Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-31 | CVE-2016-6022 | Cross-site Scripting vulnerability in IBM Rational Quality Manager IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. | 5.4 |
| 2017-03-27 | CVE-2017-1153 | Unspecified vulnerability in IBM Tririga Application Platform IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. | 8.8 |
| 2017-03-27 | CVE-2017-1143 | Information Exposure vulnerability in IBM Kenexa Lcms Premier IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.3 |
| 2017-03-27 | CVE-2017-1142 | Information Exposure vulnerability in IBM Kenexa Lcms Premier IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. | 6.5 |
| 2017-03-27 | CVE-2017-1120 | Cross-site Scripting vulnerability in IBM Websphere Portal 8.5/9.0 IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. | 6.1 |
| 2017-03-27 | CVE-2016-9737 | Cross-site Scripting vulnerability in IBM Tririga Application Platform IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. | 5.4 |
| 2017-03-27 | CVE-2016-8960 | Permissions, Privileges, and Access Controls vulnerability in IBM Cognos Business Intelligence IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. | 8.8 |
| 2017-03-27 | CVE-2016-6102 | Information Exposure vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. | 3.7 |
| 2017-03-27 | CVE-2016-6056 | Cross-site Scripting vulnerability in IBM Call Center for Commerce 9.3/9.4 IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. | 5.4 |
| 2017-03-20 | CVE-2017-1155 | Information Exposure vulnerability in IBM Algo ONE 4.9.1/5.0.0/5.1.0 IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. | 4.3 |