Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2017-03-08 CVE-2017-1150 Improper Privilege Management vulnerability in IBM DB2 10.1/10.5/11.1
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view.
network
high complexity
ibm CWE-269
3.1
2017-03-07 CVE-2017-1124 Information Exposure vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection.
local
high complexity
ibm CWE-200
2.9
2017-02-24 CVE-2016-9009 Improper Input Validation vulnerability in IBM Websphere MQ
IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering.
network
high complexity
ibm CWE-20
3.1
2017-02-08 CVE-2015-7494 Improper Access Control vulnerability in IBM Cloud Orchestrator and Smartcloud Orchestrator
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API.
local
high complexity
ibm CWE-284
2.8
2017-02-08 CVE-2016-0202 Information Exposure vulnerability in IBM Cloud Orchestrator
A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator.
local
low complexity
ibm CWE-200
3.3
2017-02-08 CVE-2016-0206 Improper Input Validation vulnerability in IBM Cloud Orchestrator
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL.
local
low complexity
ibm CWE-20
3.3
2017-02-01 CVE-2016-5938 Information Exposure vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-200
3.3
2017-02-01 CVE-2016-5953 Information Exposure vulnerability in IBM Sterling Selling and Fulfillment Foundation
IBM Sterling Order Management transmits the session identifier within the URL.
network
high complexity
ibm CWE-200
3.7
2017-02-01 CVE-2016-6001 Server-Side Request Forgery (SSRF) vulnerability in IBM Forms Experience Builder 8.5/8.5.1/8.6.0
IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.
network
high complexity
ibm CWE-918
3.1
2017-02-01 CVE-2016-9703 Session Fixation vulnerability in IBM Security Identity Manager Virtual Appliance
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.
low complexity
ibm CWE-384
2.4