Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2016-01-02 CVE-2015-7437 Information Exposure vulnerability in IBM Sterling B2B Integrator 5.2
Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors.
local
low complexity
ibm CWE-200
5.5
2016-01-02 CVE-2015-7436 Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Common Reporting
IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across group-add and group-remove operations, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging administrative changes to group membership.
local
high complexity
ibm CWE-264
2.5
2016-01-02 CVE-2015-7435 7PK - Security Features vulnerability in IBM Tivoli Common Reporting
IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field.
local
high complexity
ibm CWE-254
2.5
2016-01-02 CVE-2015-7431 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator 5.2
Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
6.1
2016-01-02 CVE-2015-7426 OS Command Injection vulnerability in IBM products
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
network
low complexity
ibm CWE-78
critical
10.0
2016-01-02 CVE-2015-7422 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM I Access 7.1
Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors.
local
low complexity
ibm CWE-119
5.5
2016-01-02 CVE-2015-7416 Improper Input Validation vulnerability in IBM I Access 7.1
AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file.
local
low complexity
ibm CWE-20
4.0
2016-01-02 CVE-2015-7407 Cross-Site Request Forgery (CSRF) vulnerability in IBM Mashups Center 3.0.0.1
Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
8.8
2016-01-02 CVE-2015-7403 Unspecified vulnerability in IBM General Parallel File System and Spectrum Scale
IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors.
local
low complexity
ibm
4.0
2016-01-02 CVE-2015-7400 Resource Management Errors vulnerability in IBM Mashups Center 3.0.0.1
The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm CWE-399
7.7