Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-9008 Improper Access Control vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent.
network
low complexity
ibm CWE-284
7.5
2017-02-01 CVE-2016-8932 Improper Access Control vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
network
low complexity
ibm CWE-284
8.8
2017-02-01 CVE-2016-8931 Improper Access Control vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
network
low complexity
ibm CWE-284
8.8
2017-02-01 CVE-2016-8930 SQL Injection vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.6
2017-02-01 CVE-2016-8928 SQL Injection vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.6
2017-02-01 CVE-2016-8919 Resource Management Errors vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.
network
low complexity
ibm CWE-399
7.5
2017-02-01 CVE-2016-6115 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM General Parallel File System and Spectrum Scale
IBM General Parallel File System is vulnerable to a buffer overflow.
network
low complexity
ibm CWE-119
7.2
2017-02-01 CVE-2016-6068 Information Exposure vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties.
network
low complexity
ibm CWE-200
7.5
2017-02-01 CVE-2016-2942 Improper Access Control vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine.
network
high complexity
ibm CWE-284
7.5
2017-02-01 CVE-2016-6105 Improper Access Control vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas.
network
low complexity
ibm CWE-284
8.2