Vulnerabilities > IBM > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-26 | CVE-2015-5045 | Information Exposure vulnerability in IBM Rational License KEY Server The Administration and Reporting tool in IBM Rational License Key Server (RLKS) before 8.1.4.9 iFix 04 allows local users to obtain sensitive information via unspecified vectors. | 3.3 |
| 2018-03-20 | CVE-2015-7449 | Inadequate Encryption Strength vulnerability in IBM products IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. | 3.3 |
| 2018-03-09 | CVE-2016-0275 | Information Exposure vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows local users to obtain sensitive information via vectors related to cacheable HTTPS responses. | 3.3 |
| 2018-03-02 | CVE-2017-1654 | Information Exposure vulnerability in IBM General Parallel File System and Spectrum Scale IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. | 3.3 |
| 2018-02-22 | CVE-2018-1392 | Information Exposure vulnerability in IBM Financial Transaction Manager 3.0.4.0/3.1.0.0 IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. | 3.1 |
| 2018-02-21 | CVE-2016-0351 | Information Exposure vulnerability in IBM Security Identity Manager Virtual Appliance IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 3.7 |
| 2018-02-21 | CVE-2016-0366 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0 IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging weak encryption. | 3.7 |
| 2018-02-21 | CVE-2016-0369 | XXE vulnerability in IBM Forms Experience Builder 8.5/8.5.1/8.6.0 XML external entity (XXE) vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6 allows remote authenticated users to obtain sensitive information via crafted XML data. | 2.7 |
| 2018-01-11 | CVE-2017-1478 | Information Exposure vulnerability in IBM Security Access Manager 9.0 Firmware IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2018-01-11 | CVE-2017-1681 | Information Exposure vulnerability in IBM Liberty 3.13/3.15 IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. | 3.3 |