Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2017-02-16 CVE-2016-5919 Inadequate Encryption Strength vulnerability in IBM products
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2017-02-15 CVE-2016-8972 Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client.
local
low complexity
ibm CWE-264
7.8
2017-02-15 CVE-2016-6079 Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.
local
low complexity
ibm CWE-264
7.8
2017-02-15 CVE-2016-6033 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-02-08 CVE-2016-5934 Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager Fastback
IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system.
local
low complexity
ibm CWE-264
7.3
2017-02-08 CVE-2016-0214 Improper Access Control vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files.
local
low complexity
ibm CWE-284
7.8
2017-02-07 CVE-2016-6104 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system.
network
low complexity
ibm CWE-434
7.2
2017-02-02 CVE-2017-1093 Unspecified vulnerability in IBM AIX 6.1/7.1/7.2
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges.
local
low complexity
ibm
7.8
2017-02-02 CVE-2016-6103 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-02-01 CVE-2016-9739 Credentials Management vulnerability in IBM Security Identity Manager
IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user.
local
low complexity
ibm CWE-255
7.8