Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-07 | CVE-2016-6092 | Information Exposure vulnerability in IBM products. IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in clear text which can be read by a local user. | 6.2 |
2017-02-07 | CVE-2016-3020 | Improper Access Control vulnerability in IBM products. IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. | 5.5 |
2017-02-02 | CVE-2017-1093 | Unspecified vulnerability in IBM AIX 6.1/7.1/7.2. IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. | 7.8 |
2017-02-02 | CVE-2016-6116 | Information Exposure vulnerability in IBM Security KEY Lifecycle Manager. IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
2017-02-02 | CVE-2016-6103 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security KEY Lifecycle Manager. IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2017-02-02 | CVE-2016-6099 | Information Exposure vulnerability in IBM Security KEY Lifecycle Manager. IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. | 5.3 |
2017-02-02 | CVE-2016-6095 | Improper Access Control vulnerability in IBM Security KEY Lifecycle Manager. IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
2017-02-02 | CVE-2016-5935 | Information Exposure vulnerability in IBM Dashboard Application Services HUB 3.1.3. IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. | 5.9 |
2017-02-01 | CVE-2016-9739 | Credentials Management vulnerability in IBM Security Identity Manager. IBM Security Identity Manager Virtual Appliance stores user credentials in clear text which can be read by a local user. | 7.8 |
2017-02-01 | CVE-2016-9704 | Cross-site Scripting vulnerability in IBM Security Identity Manager Virtual Appliance. IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. | 6.1 |