Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-29 | CVE-2015-7455 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI. | 3.1 |
| 2016-02-29 | CVE-2015-7428 | Unspecified vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0 Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | 7.4 |
| 2016-02-21 | CVE-2015-7425 | Permissions, Privileges, and Access Controls vulnerability in IBM products The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution. | 10.0 |
| 2016-02-15 | CVE-2016-0232 | Information Exposure vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files. | 4.3 |
| 2016-02-15 | CVE-2016-0231 | Information Exposure vulnerability in IBM Financial Transaction Manager 3.0.0.0 IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading exception details in error logs. | 4.3 |
| 2016-02-15 | CVE-2015-8531 | Cross-site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |
| 2016-02-15 | CVE-2015-7492 | Cross-site Scripting vulnerability in IBM Infosphere Master Data Management Reference Data Management Cross-site scripting (XSS) vulnerability in Reference Data Management (RDM) in IBM InfoSphere Master Data Management 10.1, 11.0 before FP5, 11.3, 11.4, and 11.5 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |
| 2016-02-15 | CVE-2015-7472 | Unspecified vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors. | 7.2 |
| 2016-02-15 | CVE-2015-7444 | Information Exposure vulnerability in IBM Websphere Commerce 7.0.0.8/7.0.0.9 The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows attackers to obtain sensitive information via unspecified vectors. | 5.3 |
| 2016-02-15 | CVE-2015-7408 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority. | 3.7 |