Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2017-02-15 CVE-2016-9010 7PK - Security Features vulnerability in IBM Integration BUS and Websphere Message Broker
IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-254
6.1
2017-02-15 CVE-2016-8972 Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client.
local
low complexity
ibm CWE-264
7.8
2017-02-15 CVE-2016-8968 Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management 6.0.0/6.0.1/6.0.2
IBM Jazz Foundation is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-15 CVE-2016-8944 Improper Input Validation vulnerability in IBM AIX 7.1/7.2
IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system.
local
low complexity
ibm CWE-20
5.5
2017-02-15 CVE-2016-6079 Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.
local
low complexity
ibm CWE-264
7.8
2017-02-15 CVE-2016-6077 Improper Access Control vulnerability in IBM Cognos Disclosure Management
IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document.
local
low complexity
ibm CWE-284
5.3
2017-02-15 CVE-2016-6060 Information Exposure vulnerability in IBM products
An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names.
network
low complexity
ibm CWE-200
4.3
2017-02-15 CVE-2016-6033 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-02-15 CVE-2016-0360 Deserialization of Untrusted Data vulnerability in IBM Websphere MQ JMS
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath.
network
low complexity
ibm CWE-502
critical
9.8
2017-02-13 CVE-2017-1121 Cross-site Scripting vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4