Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2016-01-02 CVE-2015-4990 Information Exposure vulnerability in IBM Tealeaf Customer Experience
The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by leveraging privileges during an unspecified connection type.
local
high complexity
ibm CWE-200
4.0
2016-01-02 CVE-2015-4989 Information Exposure vulnerability in IBM Tealeaf Customer Experience
The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary charts by specifying an internal chart name.
network
high complexity
ibm CWE-200
3.7
2016-01-01 CVE-2015-7456 Information Exposure vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors.
network
low complexity
ibm CWE-200
6.5
2016-01-01 CVE-2015-7409 Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified field.
network
low complexity
ibm CWE-79
5.4
2016-01-01 CVE-2015-7445 Information Exposure vulnerability in IBM products
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses.
network
low complexity
ibm CWE-200
4.3
2016-01-01 CVE-2015-7421 Information Exposure vulnerability in IBM MQ Appliance M2000 8.0.0.3
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420.
network
high complexity
ibm CWE-200
3.7
2016-01-01 CVE-2015-7420 Information Exposure vulnerability in IBM MQ Appliance M2000 8.0.0.3
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421.
network
high complexity
ibm CWE-200
3.7
2016-01-01 CVE-2015-7415 Cross-site Scripting vulnerability in IBM Urbancode Deploy
Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-01-01 CVE-2015-7410 Code vulnerability in IBM Sterling B2B Integrator 5.2
The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.
network
high complexity
ibm CWE-17
7.4
2016-01-01 CVE-2015-5049 SQL Injection vulnerability in IBM Openpages GRC Platform
SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
5.4