Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-30 | CVE-2016-2884 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Forms Experience Builder Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.0 |
| 2016-11-30 | CVE-2016-2878 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Qradar Security Information and Event Manager Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.0 |
| 2016-11-30 | CVE-2016-2876 | OS Command Injection vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue. | 7.5 |
| 2016-11-30 | CVE-2016-2873 | SQL Injection vulnerability in IBM Qradar Security Information and Event Manager SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 8.8 |
| 2016-11-30 | CVE-2016-2871 | Credentials Management vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file. | 7.8 |
| 2016-11-30 | CVE-2016-2963 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Remote Control 9.1.2 Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
| 2016-11-30 | CVE-2016-2948 | Use of Hard-coded Credentials vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. | 7.8 |
| 2016-11-30 | CVE-2016-2936 | Credentials Management vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors. | 7.3 |
| 2016-11-25 | CVE-2016-2929 | Improper Access Control vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach. | 8.1 |
| 2016-11-25 | CVE-2016-0319 | Improper Access Control vulnerability in IBM Jazz Reporting Service 6.0/6.0.1 The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 7.5 |