Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-01 | CVE-2016-2998 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update data. | 3.5 |
| 2016-09-01 | CVE-2016-2997 | Cross-site Scripting vulnerability in IBM Connections Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-3005, and CVE-2016-3010. | 5.4 |
| 2016-09-01 | CVE-2016-2995 | Cross-site Scripting vulnerability in IBM Connections Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2997, CVE-2016-3005, and CVE-2016-3010. | 5.4 |
| 2016-09-01 | CVE-2016-2956 | Cross-site Scripting vulnerability in IBM Connections 5.0.0.0/5.5.0.0 Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and CVE-2016-3008. | 5.4 |
| 2016-09-01 | CVE-2016-2954 | Cross-site Scripting vulnerability in IBM Connections 5.0.0.0/5.5.0.0 Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2956 and CVE-2016-3008. | 5.4 |
| 2016-09-01 | CVE-2016-0385 | Information Exposure vulnerability in IBM Websphere Application Server Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. | 3.1 |
| 2016-09-01 | CVE-2016-0370 | Cross-site Scripting vulnerability in IBM Forms Experience Builder Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an application that was built with this product. | 2.7 |
| 2016-09-01 | CVE-2016-0293 | Cross-site Scripting vulnerability in IBM Bigfix Platform Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file. | 6.1 |
| 2016-08-30 | CVE-2016-0397 | Information Exposure vulnerability in IBM Bigfix Webreports WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. | 5.9 |
| 2016-08-30 | CVE-2016-0292 | Information Exposure vulnerability in IBM Bigfix WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report. | 5.5 |