Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2016-02-29 CVE-2016-0245 Unspecified vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0
The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm
5.4
2016-02-29 CVE-2016-0244 Cross-site Scripting vulnerability in IBM Websphere Portal
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243.
network
low complexity
ibm CWE-79
6.1
2016-02-29 CVE-2016-0243 Cross-site Scripting vulnerability in IBM Websphere Portal
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0244.
network
low complexity
ibm CWE-79
6.1
2016-02-29 CVE-2016-0225 Improper Access Control vulnerability in IBM Websphere Commerce
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-284
4.9
2016-02-29 CVE-2016-0216 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager Fastback
Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0213.
network
low complexity
ibm CWE-119
critical
9.8
2016-02-29 CVE-2016-0213 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager Fastback
Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0216.
network
low complexity
ibm CWE-119
critical
9.8
2016-02-29 CVE-2016-0212 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager Fastback
Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0213 and CVE-2016-0216.
network
low complexity
ibm CWE-119
critical
9.8
2016-02-29 CVE-2015-8524 Cross-site Scripting vulnerability in IBM Business Process Manager
Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
6.1
2016-02-29 CVE-2015-7491 Cross-site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-02-29 CVE-2015-7457 Cross-site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
6.1