Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-01-02 | CVE-2015-7437 | Information Exposure vulnerability in IBM Sterling B2B Integrator 5.2 Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors. | 5.5 |
2016-01-02 | CVE-2015-7436 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Common Reporting IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across group-add and group-remove operations, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging administrative changes to group membership. | 2.5 |
2016-01-02 | CVE-2015-7435 | 7PK - Security Features vulnerability in IBM Tivoli Common Reporting IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field. | 2.5 |
2016-01-02 | CVE-2015-7431 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator 5.2 Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |
2016-01-02 | CVE-2015-7426 | OS Command Injection vulnerability in IBM products The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 10.0 |
2016-01-02 | CVE-2015-7422 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM I Access 7.1 Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors. | 5.5 |
2016-01-02 | CVE-2015-7416 | Improper Input Validation vulnerability in IBM I Access 7.1 AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file. | 4.0 |
2016-01-02 | CVE-2015-7407 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Mashups Center 3.0.0.1 Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
2016-01-02 | CVE-2015-7403 | Unspecified vulnerability in IBM General Parallel File System and Spectrum Scale IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors. | 4.0 |
2016-01-02 | CVE-2015-7400 | Resource Management Errors vulnerability in IBM Mashups Center 3.0.0.1 The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 7.7 |