Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-25 | CVE-2016-3025 | 7PK - Security Features vulnerability in IBM products IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. | 8.1 |
| 2016-11-25 | CVE-2016-2988 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager for Virtual Environments 6.4/7.1 IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated users to bypass a TSM credential requirement and obtain administrative access by leveraging multiple simultaneous logins. | 8.5 |
| 2016-11-25 | CVE-2016-2985 | Permissions, Privileges, and Access Controls vulnerability in IBM General Parallel File System and Spectrum Scale IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program. | 7.0 |
| 2016-11-25 | CVE-2016-2984 | Permissions, Privileges, and Access Controls vulnerability in IBM General Parallel File System and Spectrum Scale IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program. | 7.0 |
| 2016-10-22 | CVE-2016-0328 | Command Injection vulnerability in IBM Security Guardium Database Activity Monitor IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors. | 7.8 |
| 2016-10-22 | CVE-2016-0326 | Command Injection vulnerability in IBM products IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request." | 8.8 |
| 2016-10-22 | CVE-2016-0247 | Information Exposure vulnerability in IBM Security Guardium IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstrated by password information. | 7.8 |
| 2016-10-22 | CVE-2016-0241 | Improper Access Control vulnerability in IBM Security Guardium Database Activity Monitor IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP. | 8.8 |
| 2016-10-22 | CVE-2016-0239 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Guardium Database Activity Monitor IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors. | 8.8 |
| 2016-10-21 | CVE-2016-0236 | Command Injection vulnerability in IBM Security Guardium Database Activity Monitor IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field. | 8.8 |