Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-08 | CVE-2016-0214 | Improper Access Control vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. | 7.8 |
| 2017-02-07 | CVE-2016-6104 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system. | 7.2 |
| 2017-02-02 | CVE-2017-1093 | Unspecified vulnerability in IBM AIX 6.1/7.1/7.2 IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. | 7.8 |
| 2017-02-02 | CVE-2016-6103 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-02-01 | CVE-2016-9739 | Credentials Management vulnerability in IBM Security Identity Manager IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user. | 7.8 |
| 2017-02-01 | CVE-2016-9008 | Improper Access Control vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. | 7.5 |
| 2017-02-01 | CVE-2016-8932 | Improper Access Control vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | 8.8 |
| 2017-02-01 | CVE-2016-8931 | Improper Access Control vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | 8.8 |
| 2017-02-01 | CVE-2016-8930 | SQL Injection vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud is vulnerable to SQL injection. | 7.6 |
| 2017-02-01 | CVE-2016-8928 | SQL Injection vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud is vulnerable to SQL injection. | 7.6 |