Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-15 | CVE-2016-0341 | Information Exposure vulnerability in IBM products IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network. | 7.5 |
| 2016-04-05 | CVE-2015-8523 | Improper Access Control vulnerability in IBM Tivoli Storage Manager Fastback The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port. | 7.5 |
| 2016-03-28 | CVE-2016-0226 | Improper Access Control vulnerability in IBM Informix Dynamic Server 11.70.Xcn The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file. | 7.8 |
| 2016-03-18 | CVE-2014-9768 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Netview Access Services IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. | 8.8 |
| 2016-03-12 | CVE-2015-7446 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Flashsystem V9000 Firmware 7.4/7.5/7.6 Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
| 2016-02-29 | CVE-2015-7428 | Unspecified vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0 Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | 7.4 |
| 2016-02-15 | CVE-2015-7472 | Unspecified vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors. | 7.2 |
| 2016-02-15 | CVE-2015-5050 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Contract Management Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
| 2016-02-15 | CVE-2015-5042 | Improper Input Validation vulnerability in IBM Emptoris Contract Management IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file. | 7.5 |
| 2016-02-15 | CVE-2015-5012 | Cryptographic Issues vulnerability in IBM products The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | 7.5 |