Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-26 | CVE-2016-2999 | Information Exposure vulnerability in IBM Connections IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information via an unspecified brute-force attack. | 6.5 |
| 2016-09-26 | CVE-2016-0379 | Data Processing Errors vulnerability in IBM Websphere MQ IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights. | 3.1 |
| 2016-09-26 | CVE-2016-0248 | Information Exposure vulnerability in IBM Security Guardium 10.0/9.0 IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors. | 3.7 |
| 2016-09-12 | CVE-2016-5954 | Improper Access Control vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files. | 6.5 |
| 2016-09-12 | CVE-2016-5927 | Information Exposure vulnerability in IBM Tivoli Storage Manager for Space Management IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output. | 5.5 |
| 2016-09-12 | CVE-2016-0331 | Cross-site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |
| 2016-09-02 | CVE-2016-5879 | Improper Input Validation vulnerability in IBM MQ Appliance Firmware 8.0 MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command. | 8.8 |
| 2016-09-01 | CVE-2016-3010 | Cross-site Scripting vulnerability in IBM Connections Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-2997, and CVE-2016-3005. | 5.4 |
| 2016-09-01 | CVE-2016-3008 | Cross-site Scripting vulnerability in IBM Connections 5.0.0.0/5.5.0.0 Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and CVE-2016-2956. | 5.4 |
| 2016-09-01 | CVE-2016-3005 | Cross-site Scripting vulnerability in IBM Connections Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-2997, and CVE-2016-3010. | 5.4 |