Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-03 | CVE-2015-5003 | Command Injection vulnerability in IBM Tivoli Monitoring 6.2.2/6.2.3/6.3.0 The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input. | 8.5 |
| 2016-01-02 | CVE-2015-7407 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Mashups Center 3.0.0.1 Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
| 2016-01-02 | CVE-2015-7400 | Resource Management Errors vulnerability in IBM Mashups Center 3.0.0.1 The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 7.7 |
| 2016-01-02 | CVE-2015-2023 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM I Access 7.1 Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors. | 8.8 |
| 2016-01-02 | CVE-2015-7442 | Permissions, Privileges, and Access Controls vulnerability in IBM Installation Manager and Packaging Utility consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value. | 7.0 |
| 2016-01-02 | CVE-2015-7429 | Information Exposure vulnerability in IBM products The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.4 allows remote authenticated users to restore arbitrary virtual machines and consequently obtain sensitive information by visiting the vSphere inventory. | 8.5 |
| 2016-01-02 | CVE-2015-5018 | OS Command Injection vulnerability in IBM products IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access. | 8.0 |
| 2016-01-01 | CVE-2015-7410 | Code vulnerability in IBM Sterling B2B Integrator 5.2 The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. | 7.4 |
| 2016-01-01 | CVE-2015-7489 | Permissions, Privileges, and Access Controls vulnerability in IBM Spss Statistics 22.0.0.2/23.0.0.2 IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script. | 7.8 |
| 2015-12-31 | CVE-2015-1947 | Unspecified vulnerability in IBM Infosphere Biginsights Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program. | 7.4 |