Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2017-06-08 CVE-2016-6098 Improper Access Control vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
network
low complexity
ibm CWE-284
8.1
2017-06-07 CVE-2016-9977 Improper Input Validation vulnerability in IBM products
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier.
network
low complexity
ibm CWE-20
8.8
2017-05-22 CVE-2017-1289 XXE vulnerability in IBM SDK
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
8.2
2017-05-22 CVE-2016-6112 Permissions, Privileges, and Access Controls vulnerability in IBM products
IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application.
network
low complexity
ibm CWE-264
8.8
2017-05-10 CVE-2017-1137 Unspecified vulnerability in IBM Websphere Application Server 8.0/8.5/8.5.5
IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security.
network
high complexity
ibm
8.1
2017-05-10 CVE-2017-1103 XXE vulnerability in IBM Rational Quality Manager and Rational Team Concert
IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
8.1
2017-05-10 CVE-2016-5889 Cross-Site Request Forgery (CSRF) vulnerability in IBM Interact
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-05-05 CVE-2017-1156 Open Redirect vulnerability in IBM Websphere Portal 8.5/9.0
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
8.8
2017-05-05 CVE-2016-9692 Improper Input Validation vulnerability in IBM Websphere Cast Iron Solution
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-20
8.6
2017-05-05 CVE-2016-9691 XXE vulnerability in IBM Websphere Cast Iron Solution
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
8.6