Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2016-10-22 CVE-2016-0326 Command Injection vulnerability in IBM products
IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."
network
low complexity
ibm CWE-77
8.8
2016-10-22 CVE-2016-0247 Information Exposure vulnerability in IBM Security Guardium
IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstrated by password information.
local
low complexity
ibm CWE-200
7.8
2016-10-22 CVE-2016-0241 Improper Access Control vulnerability in IBM Security Guardium Database Activity Monitor
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP.
network
low complexity
ibm CWE-284
8.8
2016-10-22 CVE-2016-0239 Permissions, Privileges, and Access Controls vulnerability in IBM Security Guardium Database Activity Monitor
IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors.
network
low complexity
ibm CWE-264
8.8
2016-10-21 CVE-2016-0236 Command Injection vulnerability in IBM Security Guardium Database Activity Monitor
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field.
network
low complexity
ibm CWE-77
8.8
2016-10-16 CVE-2016-0249 SQL Injection vulnerability in IBM Security Guardium
SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
8.6
2016-10-06 CVE-2016-6023 Path Traversal vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0
Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL.
network
low complexity
ibm CWE-22
7.5
2016-10-05 CVE-2016-5983 Improper Access Control vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.
network
high complexity
ibm CWE-284
7.5
2016-10-01 CVE-2016-5995 Permissions, Privileges, and Access Controls vulnerability in IBM DB2
Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.
local
low complexity
ibm CWE-264
7.3
2016-10-01 CVE-2016-5986 Information Exposure vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-200
7.5