Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-20 | CVE-2017-1151 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. | 8.1 |
| 2017-03-20 | CVE-2017-1146 | Cross-site Scripting vulnerability in IBM Content Navigator 2.0.3/3.0.0 IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. | 5.4 |
| 2017-03-20 | CVE-2017-1145 | Improper Resource Shutdown or Release vulnerability in IBM Websphere MQ 8.0.0.6 IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. | 8.6 |
| 2017-03-20 | CVE-2017-1134 | Unspecified vulnerability in IBM Power Hardware Management Console 3.3.2/4.1 IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. | 7.8 |
| 2017-03-20 | CVE-2016-9697 | Information Exposure vulnerability in IBM Rational Rhapsody Design Manager An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. | 3.1 |
| 2017-03-20 | CVE-2016-9696 | Cross-site Scripting vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. | 5.4 |
| 2017-03-20 | CVE-2016-9694 | Cross-site Scripting vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-03-20 | CVE-2016-8973 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. | 4.3 |
| 2017-03-20 | CVE-2016-2981 | Information Exposure vulnerability in IBM Rational Collaborative Lifecycle Management An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. | 6.8 |
| 2017-03-11 | CVE-2017-5638 | Improper Handling of Exceptional Conditions vulnerability in multiple products The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | 9.8 |