Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-01 | CVE-2016-9008 | Improper Access Control vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. | 7.5 |
2017-02-01 | CVE-2016-8932 | Improper Access Control vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | 8.8 |
2017-02-01 | CVE-2016-8931 | Improper Access Control vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | 8.8 |
2017-02-01 | CVE-2016-8930 | SQL Injection vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud is vulnerable to SQL injection. | 7.6 |
2017-02-01 | CVE-2016-8928 | SQL Injection vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud is vulnerable to SQL injection. | 7.6 |
2017-02-01 | CVE-2016-8919 | Resource Management Errors vulnerability in IBM Websphere Application Server IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. | 7.5 |
2017-02-01 | CVE-2016-6115 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM General Parallel File System and Spectrum Scale IBM General Parallel File System is vulnerable to a buffer overflow. | 7.2 |
2017-02-01 | CVE-2016-6068 | Information Exposure vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. | 7.5 |
2017-02-01 | CVE-2016-2942 | Improper Access Control vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. | 7.5 |
2017-02-01 | CVE-2016-6105 | Improper Access Control vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 8.2 |