Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2018-02-21 CVE-2016-0351 Information Exposure vulnerability in IBM Security Identity Manager Virtual Appliance
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
network
high complexity
ibm CWE-200
3.7
2018-02-21 CVE-2016-0366 Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging weak encryption.
network
high complexity
ibm CWE-200
3.7
2018-02-21 CVE-2016-0369 XXE vulnerability in IBM Forms Experience Builder 8.5/8.5.1/8.6.0
XML external entity (XXE) vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6 allows remote authenticated users to obtain sensitive information via crafted XML data.
network
low complexity
ibm CWE-611
2.7
2018-01-11 CVE-2017-1478 Information Exposure vulnerability in IBM Security Access Manager 9.0 Firmware
IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-200
3.3
2018-01-11 CVE-2017-1681 Information Exposure vulnerability in IBM Liberty 3.13/3.15
IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file.
local
low complexity
ibm CWE-200
3.3
2018-01-04 CVE-2017-1669 Information Exposure vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters.
network
high complexity
ibm CWE-200
3.7
2018-01-04 CVE-2017-1699 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Websphere MQ
IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates.
local
low complexity
ibm CWE-732
3.3
2017-12-20 CVE-2017-1261 Information Exposure vulnerability in IBM Security Guardium
IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user.
local
low complexity
ibm CWE-200
3.3
2017-12-20 CVE-2017-1270 Session Fixation vulnerability in IBM Security Guardium
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability.
local
low complexity
ibm CWE-384
3.3
2017-12-13 CVE-2017-1716 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Tivoli Workload Scheduler 8.6/9.1/9.2
IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings.
local
low complexity
ibm CWE-732
3.3