Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-21 | CVE-2016-3477 | Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. | 8.1 |
| 2016-07-17 | CVE-2016-3039 | Unspecified vulnerability in IBM Traveler 8.5.3/9.0/9.0.1 IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 8.1 |
| 2016-07-15 | CVE-2016-0340 | Improper Access Control vulnerability in IBM Security Identity Manager Adapter IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation. | 7.4 |
| 2016-07-15 | CVE-2016-0330 | Credentials Management vulnerability in IBM Security Identity Manager Adapter IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by leveraging an attack against the password algorithm. | 7.3 |
| 2016-07-15 | CVE-2015-1977 | Information Exposure vulnerability in IBM Tivoli Directory Server Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2016-07-08 | CVE-2016-2945 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server 8.5.5.8/8.5.5.9 The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document. | 7.5 |
| 2016-07-08 | CVE-2016-2889 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz Reporting Service Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users. | 8.8 |
| 2016-07-08 | CVE-2016-0315 | Improper Access Control vulnerability in IBM Jazz Reporting Service The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation. | 8.8 |
| 2016-07-08 | CVE-2016-0287 | 7PK - Security Features vulnerability in IBM I Access 7.1 IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors. | 7.8 |
| 2016-07-08 | CVE-2016-0271 | Permissions, Privileges, and Access Controls vulnerability in IBM Urbancode Deploy The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors. | 8.2 |