Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-01 | CVE-2016-6043 | Session Fixation vulnerability in IBM Tivoli Storage Manager: Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. | 7.0 |
2017-02-01 | CVE-2016-6042 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Security AppScan: IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. | 7.3 |
2017-02-01 | CVE-2016-5985 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager: The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. | 7.8 |
2017-02-01 | CVE-2016-5958 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1: IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. | 7.5 |
2017-02-01 | CVE-2016-5952 | SQL Injection vulnerability in IBM Kenexa LCMS Premier: IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. | 8.8 |
2017-02-01 | CVE-2016-5937 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Kenexa LCMS Premier: IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2017-02-01 | CVE-2016-3053 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX: IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | 7.8 |
2017-02-01 | CVE-2016-3029 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products: IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2017-02-01 | CVE-2016-3017 | Improperly Implemented Security Check for Standard vulnerability in IBM products: IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. | 7.5 |
2017-02-01 | CVE-2016-0396 | Command Injection vulnerability in IBM BigFix Platform: IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. | 8.1 |