Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2016-09-26 CVE-2016-5996 Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Tealeaf Customer Experience
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not enforce password-length restrictions, which makes it easier for remote attackers to obtain access via a brute-force attack.
network
low complexity
ibm CWE-640
7.5
2016-09-26 CVE-2016-5971 XXE vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm CWE-611
7.1
2016-09-26 CVE-2016-5963 Improper Access Control vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
network
low complexity
ibm CWE-284
8.8
2016-09-26 CVE-2016-5957 Cryptographic Issues vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm.
network
low complexity
ibm CWE-310
7.5
2016-09-26 CVE-2016-3007 Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users.
network
low complexity
ibm CWE-352
8.8
2016-09-02 CVE-2016-5879 Improper Input Validation vulnerability in IBM MQ Appliance Firmware 8.0
MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command.
local
low complexity
ibm CWE-20
8.8
2016-08-08 CVE-2016-2875 Command Injection vulnerability in IBM Qradar Security Information and Event Manager
IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors.
network
low complexity
ibm CWE-77
8.8
2016-07-21 CVE-2016-3477 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.
local
high complexity
ibm oracle mariadb debian canonical
8.1
2016-07-17 CVE-2016-3039 Unspecified vulnerability in IBM Traveler 8.5.3/9.0/9.0.1
IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm
8.1
2016-07-15 CVE-2016-0340 Improper Access Control vulnerability in IBM Security Identity Manager Adapter
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation.
local
high complexity
ibm CWE-284
7.4