Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-3017 | Improperly Implemented Security Check for Standard vulnerability in IBM products IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. | 7.5 |
| 2017-02-01 | CVE-2016-0396 | Command Injection vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. | 8.1 |
| 2017-01-06 | CVE-2016-9879 | Channel and Path Errors vulnerability in multiple products An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. | 7.5 |
| 2016-12-13 | CVE-2015-3217 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/. | 7.5 |
| 2016-12-01 | CVE-2016-3055 | XXE vulnerability in IBM Filenet Workplace 4.0.2 IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 8.1 |
| 2016-12-01 | CVE-2016-3033 | XXE vulnerability in IBM Appscan Source IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 8.1 |
| 2016-12-01 | CVE-2016-3012 | Information Exposure vulnerability in IBM API Connect and Network Path Manager IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials. | 7.5 |
| 2016-12-01 | CVE-2016-2946 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Monitoring Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to gain privileges via unspecified vectors. | 7.8 |
| 2016-11-30 | CVE-2016-2917 | Permissions, Privileges, and Access Controls vulnerability in IBM Tririga Application Platform 10.4/10.5 The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via unspecified vectors. | 8.8 |
| 2016-11-30 | CVE-2016-2887 | Improper Access Control vulnerability in IBM IMS Enterprise Suite IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | 8.1 |