Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK

2017-04-05 CVE-2016-6100 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3, are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Risk: network, low complexity, ibm CWE-352, 8.8

2017-03-31 CVE-2016-9707 XXE vulnerability in IBM products
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
Risk: network, low complexity, ibm CWE-611, 8.1

2017-03-31 CVE-2016-8917 Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling Selling and Fulfillment Foundation
IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Risk: network, low complexity, ibm CWE-352, 8.8

2017-03-27 CVE-2017-1153 Unspecified vulnerability in IBM TRIRIGA Application Platform
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to.
Risk: network, low complexity, ibm, 8.8

2017-03-27 CVE-2016-8960 Permissions, Privileges, and Access Controls vulnerability in IBM Cognos Business Intelligence
IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests.
Risk: network, low complexity, ibm CWE-264, 8.8

2017-03-20 CVE-2017-1151 Unspecified vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system.
Risk: network, high complexity, ibm, 8.1

2017-03-20 CVE-2017-1145 Improper Resource Shutdown or Release vulnerability in IBM WebSphere MQ 8.0.0.6
IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion.
Risk: network, low complexity, ibm CWE-404, 8.6

2017-03-20 CVE-2017-1134 Unspecified vulnerability in IBM Power Hardware Management Console 3.3.2/4.1
IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access.
Risk: local, low complexity, ibm, 7.8

2017-03-07 CVE-2016-9740 Resource Management Errors vulnerability in IBM QRadar Security Information and Event Manager
IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor.
Risk: network, low complexity, ibm CWE-399, 7.5

2017-03-07 CVE-2016-9728 SQL Injection vulnerability in IBM QRadar Security Information and Event Manager
IBM QRadar 7.2 is vulnerable to SQL injection.
Risk: network, low complexity, ibm CWE-89, 7.5