High-risk vulnerabilities in IBM products

Each entry lists: date published, CVE identifier, vulnerability title and risk score, followed by the description and the attack vector, attack complexity, vendor and CWE classification (where one is assigned).

2016-01-29  CVE-2015-7464  Unspecified vulnerability in IBM Jazz Reporting Service  (risk: 7.5)
    Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder server outage) via a crafted request to a Report Builder instance URL.
    Attack vector: network; attack complexity: low; vendor: ibm

2016-01-18  CVE-2015-4988  Path Traversal vulnerability in IBM Tealeaf Customer Experience  (risk: 8.6)
    Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors.
    Attack vector: network; attack complexity: low; vendor: ibm; CWE-22

2016-01-17  CVE-2015-7470  Information Exposure vulnerability in IBM Jazz Reporting Service  (risk: 7.5)
    Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors, as demonstrated by login information.
    Attack vector: network; attack complexity: low; vendor: ibm; CWE-200

2016-01-15  CVE-2015-5007  Cross-Site Request Forgery (CSRF) vulnerability in IBM WebSphere Commerce  (risk: 8.8)
    Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
    Attack vector: network; attack complexity: low; vendor: ibm; CWE-352

2016-01-10  CVE-2015-7465  Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz Reporting Service 6.0  (risk: 8.8)
    Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
    Attack vector: network; attack complexity: low; vendor: ibm; CWE-352

2016-01-10  CVE-2015-7397  Unspecified vulnerability in IBM WebSphere Commerce 7.0  (risk: 7.4)
    Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter.
    Attack vector: network; attack complexity: low; vendor: ibm

2016-01-03  CVE-2015-5038  Unspecified vulnerability in IBM Connections  (risk: 7.5)
    IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a denial of service (CPU consumption and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
    Attack vector: network; attack complexity: low; vendor: ibm

2016-01-03  CVE-2015-5003  Command Injection vulnerability in IBM Tivoli Monitoring 6.2.2/6.2.3/6.3.0  (risk: 8.5)
    The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input.
    Attack vector: network; attack complexity: high; vendor: ibm; CWE-77

2016-01-02  CVE-2015-7407  Cross-Site Request Forgery (CSRF) vulnerability in IBM Mashup Center 3.0.0.1  (risk: 8.8)
    Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
    Attack vector: network; attack complexity: low; vendor: ibm; CWE-352

2016-01-02  CVE-2015-7400  Resource Management Errors vulnerability in IBM Mashup Center 3.0.0.1  (risk: 7.7)
    The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
    Attack vector: network; attack complexity: low; vendor: ibm; CWE-399