Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-03 | CVE-2016-0363 | Improper Input Validation vulnerability in multiple products The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. | 8.1 |
| 2016-05-15 | CVE-2016-0341 | Information Exposure vulnerability in IBM products IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network. | 7.5 |
| 2016-04-05 | CVE-2015-8523 | Improper Access Control vulnerability in IBM Tivoli Storage Manager Fastback The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port. | 7.5 |
| 2016-03-28 | CVE-2016-0226 | Improper Access Control vulnerability in IBM Informix Dynamic Server 11.70.Xcn The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file. | 7.8 |
| 2016-03-18 | CVE-2014-9768 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Netview Access Services IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. | 8.8 |
| 2016-03-12 | CVE-2015-7446 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Flashsystem V9000 Firmware 7.4/7.5/7.6 Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
| 2016-02-29 | CVE-2015-7428 | Unspecified vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0 Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | 7.4 |
| 2016-02-15 | CVE-2015-7472 | Unspecified vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors. | 7.2 |
| 2016-02-15 | CVE-2015-5050 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Contract Management Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
| 2016-02-15 | CVE-2015-5042 | Improper Input Validation vulnerability in IBM Emptoris Contract Management IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file. | 7.5 |