Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2017-03-07 CVE-2016-9727 Improper Input Validation vulnerability in IBM products
IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system.
network
high complexity
ibm CWE-20
8.5
2017-03-07 CVE-2016-9726 Improper Input Validation vulnerability in IBM products
IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system.
network
low complexity
ibm CWE-20
8.8
2017-03-07 CVE-2016-9724 XXE vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
8.1
2017-03-07 CVE-2016-8940 Information Exposure vulnerability in IBM Tivoli Storage Manager
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries.
network
low complexity
ibm CWE-200
8.8
2017-03-01 CVE-2016-9994 SQL Injection vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.1
2017-03-01 CVE-2016-9993 SQL Injection vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.1
2017-03-01 CVE-2016-9992 SQL Injection vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.1
2017-03-01 CVE-2016-2880 Key Management Errors vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user.
local
low complexity
ibm CWE-320
7.8
2017-03-01 CVE-2016-2879 Inadequate Encryption Strength vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials.
local
low complexity
ibm CWE-326
7.8
2017-02-24 CVE-2016-9975 Cross-Site Request Forgery (CSRF) vulnerability in IBM Dashboard Application Services HUB 3.1.2.1/3.1.3
IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8