Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2017-02-23 CVE-2016-8974 XXE vulnerability in IBM Rational Rhapsody Design Manager
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
8.1
8.1
2017-02-23 CVE-2016-6055 Cross-site Scripting vulnerability in IBM products
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-02-23 CVE-2016-5883 Cross-site Scripting vulnerability in IBM Inotes
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2017-02-22 CVE-2016-8986 Improper Access Control vulnerability in IBM Websphere MQ
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests.
network
low complexity
ibm CWE-284
6.5
6.5
2017-02-22 CVE-2016-8915 Improper Access Control vulnerability in IBM Websphere MQ
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process.
network
low complexity
ibm CWE-284
6.5
6.5
2017-02-22 CVE-2016-3052 Information Exposure vulnerability in IBM Websphere MQ
Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network.
network
high complexity
ibm CWE-200
5.9
5.9
2017-02-22 CVE-2016-3013 Data Processing Errors vulnerability in IBM Websphere MQ
IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling.
network
low complexity
ibm CWE-19
6.5
6.5
2017-02-16 CVE-2016-6062 Cross-site Scripting vulnerability in IBM Resilient 26.0/26.1/26.2
IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2017-02-16 CVE-2016-5919 Inadequate Encryption Strength vulnerability in IBM products
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
7.5
2017-02-15 CVE-2016-9706 XXE vulnerability in IBM Integration BUS and Websphere Message Broker
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
critical
 9.1
9.1