Vulnerabilities > IBM

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-02-01 | CVE-2016-5958 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 | IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. | network | low complexity | ibm | CWE-200 | 7.5 |
| 2017-02-01 | CVE-2016-5952 | SQL Injection vulnerability in IBM Kenexa Lcms Premier | IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. | network | low complexity | ibm | CWE-89 | 8.8 |
| 2017-02-01 | CVE-2016-5951 | Cross-site Scripting vulnerability in IBM Kenexa Lcms Premier | IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. | network | low complexity | ibm | CWE-79 | 5.4 |
| 2017-02-01 | CVE-2016-5950 | Credentials Management vulnerability in IBM Kenexa Lcms Premier | IBM Kenexa LCMS Premier on Cloud stores user credentials in clear text, which can be read by an authenticated user. | network | low complexity | ibm | CWE-255 | 6.5 |
| 2017-02-01 | CVE-2016-5949 | 7PK - Security Features vulnerability in IBM Kenexa Lcms Premier | IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request. | network | low complexity | ibm | CWE-254 | 4.3 |
| 2017-02-01 | CVE-2016-5948 | Cross-site Scripting vulnerability in IBM Kenexa Lcms Premier | IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. | network | low complexity | ibm | CWE-79 | 5.4 |
| 2017-02-01 | CVE-2016-5939 | SQL Injection vulnerability in IBM Kenexa LMS on Cloud | IBM Kenexa LMS on Cloud is vulnerable to SQL injection. | network | low complexity | ibm | CWE-89 | 6.3 |
| 2017-02-01 | CVE-2016-5937 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Kenexa Lcms Premier | IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network | low complexity | ibm | CWE-352 | 8.8 |
| 2017-02-01 | CVE-2016-5899 | Cross-site Scripting vulnerability in IBM Jazz Reporting Service | IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. | network | low complexity | ibm | CWE-79 | 5.4 |
| 2017-02-01 | CVE-2016-5898 | 7PK - Security Features vulnerability in IBM Jazz Reporting Service | IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. | network | low complexity | ibm | CWE-254 | 4.3 |