Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-16 | CVE-2016-5919 | Inadequate Encryption Strength vulnerability in IBM products IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2017-02-15 | CVE-2016-8972 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. | 7.8 |
2017-02-15 | CVE-2016-6079 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | 7.8 |
2017-02-15 | CVE-2016-6033 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2017-02-08 | CVE-2016-5934 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager Fastback IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. | 7.3 |
2017-02-08 | CVE-2016-0214 | Improper Access Control vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. | 7.8 |
2017-02-07 | CVE-2016-6104 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system. | 7.2 |
2017-02-02 | CVE-2017-1093 | Unspecified vulnerability in IBM AIX 6.1/7.1/7.2 IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. | 7.8 |
2017-02-02 | CVE-2016-6103 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2017-02-01 | CVE-2016-9739 | Credentials Management vulnerability in IBM Security Identity Manager IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user. | 7.8 |