Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-5958 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. | 7.5 |
| 2017-02-01 | CVE-2016-5952 | SQL Injection vulnerability in IBM Kenexa Lcms Premier IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. | 8.8 |
| 2017-02-01 | CVE-2016-5937 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Kenexa Lcms Premier IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-02-01 | CVE-2016-3053 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | 7.8 |
| 2017-02-01 | CVE-2016-3029 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-02-01 | CVE-2016-3017 | Improperly Implemented Security Check for Standard vulnerability in IBM products IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. | 7.5 |
| 2017-02-01 | CVE-2016-0396 | Command Injection vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. | 8.1 |
| 2017-01-06 | CVE-2016-9879 | Channel and Path Errors vulnerability in multiple products An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. | 7.5 |
| 2016-12-13 | CVE-2015-3217 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/. | 7.5 |
| 2016-12-01 | CVE-2016-3055 | XXE vulnerability in IBM Filenet Workplace 4.0.2 IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 8.1 |