Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-9703 | Session Fixation vulnerability in IBM Security Identity Manager Virtual Appliance IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. | 2.4 |
| 2017-02-01 | CVE-2016-9008 | Improper Access Control vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. | 7.5 |
| 2017-02-01 | CVE-2016-9000 | Cross-site Scripting vulnerability in IBM products IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. | 6.1 |
| 2017-02-01 | CVE-2016-8999 | Cross-site Scripting vulnerability in IBM products IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS. | 5.4 |
| 2017-02-01 | CVE-2016-8982 | Information Exposure vulnerability in IBM Infosphere Datastage 11.3/8.7/9.1 IBM InfoSphere Information Server stores sensitive information in URL parameters. | 5.3 |
| 2017-02-01 | CVE-2016-8977 | Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. | 5.3 |
| 2017-02-01 | CVE-2016-8963 | Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. | 5.5 |
| 2017-02-01 | CVE-2016-8938 | Improper Access Control vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. | 10.0 |
| 2017-02-01 | CVE-2016-8933 | Path Traversal vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. | 6.5 |
| 2017-02-01 | CVE-2016-8932 | Improper Access Control vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | 8.8 |