Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2017-08-22 CVE-2017-1422 Information Exposure vulnerability in IBM MaaS360 DTM 3.81
IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information.
local
low complexity
ibm CWE-200
3.3
2017-07-21 CVE-2017-1381 Information Exposure vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served.
local
low complexity
ibm CWE-200
3.3
2017-07-05 CVE-2017-1144 Untrusted Search Path vulnerability in IBM Integration Bus and WebSphere Message Broker
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting.
local
high complexity
ibm CWE-426
2.5
2017-07-05 CVE-2017-1176 Information Exposure vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments.
local
low complexity
ibm CWE-200
3.3
2017-07-05 CVE-2016-0238 Information Exposure vulnerability in IBM Security Guardium
IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request.
network
high complexity
ibm CWE-200
3.7
2017-06-07 CVE-2017-1125 Information Exposure vulnerability in IBM Cognos Business Intelligence Server
IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose partial contents of a file.
local
low complexity
ibm CWE-200
3.3
2017-05-15 CVE-2016-5979 Permissions, Privileges, and Access Controls vulnerability in IBM Distributed Marketing
IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance with a security profile that is not valid for the templates, which results in the new instance not being accessible to the intended user.
network
low complexity
ibm CWE-264
2.7
2017-03-27 CVE-2016-6102 Information Exposure vulnerability in IBM Security Key Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters.
network
high complexity
ibm CWE-200
3.7
2017-03-20 CVE-2016-9697 Information Exposure vulnerability in IBM Rational Rhapsody Design Manager
An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack.
network
high complexity
ibm CWE-200
3.1
2017-03-08 CVE-2017-1150 Improper Privilege Management vulnerability in IBM DB2 10.1/10.5/11.1
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view.
network
high complexity
ibm CWE-269
3.1