Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2016-11-30 CVE-2016-2963 Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Remote Control 9.1.2
Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
8.8
2016-11-30 CVE-2016-2948 Use of Hard-coded Credentials vulnerability in IBM Bigfix Remote Control 9.1.2
IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors.
local
low complexity
ibm CWE-798
7.8
2016-11-30 CVE-2016-2936 Credentials Management vulnerability in IBM Bigfix Remote Control 9.1.2
IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors.
network
low complexity
ibm CWE-255
7.3
2016-11-25 CVE-2016-2929 Improper Access Control vulnerability in IBM Bigfix Remote Control 9.1.2
IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach.
network
high complexity
ibm CWE-284
8.1
2016-11-25 CVE-2016-0319 Improper Access Control vulnerability in IBM Jazz Reporting Service 6.0/6.0.1
The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm CWE-284
7.5
2016-11-25 CVE-2016-3025 7PK - Security Features vulnerability in IBM products
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.
network
high complexity
ibm CWE-254
8.1
2016-11-25 CVE-2016-2988 Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager for Virtual Environments 6.4/7.1
IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated users to bypass a TSM credential requirement and obtain administrative access by leveraging multiple simultaneous logins.
network
high complexity
ibm CWE-264
8.5
2016-11-25 CVE-2016-2985 Permissions, Privileges, and Access Controls vulnerability in IBM General Parallel File System and Spectrum Scale
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.
local
high complexity
ibm CWE-264
7.0
2016-11-25 CVE-2016-2984 Permissions, Privileges, and Access Controls vulnerability in IBM General Parallel File System and Spectrum Scale
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program.
local
high complexity
ibm CWE-264
7.0
2016-10-22 CVE-2016-0328 Command Injection vulnerability in IBM Security Guardium Database Activity Monitor
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors.
local
low complexity
ibm CWE-77
7.8