Vulnerabilities > IBM > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-08 | CVE-2016-0206 | Improper Input Validation vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL. | 3.3 |
| 2017-02-01 | CVE-2016-5938 | Information Exposure vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2017-02-01 | CVE-2016-5953 | Information Exposure vulnerability in IBM Sterling Selling and Fulfillment Foundation IBM Sterling Order Management transmits the session identifier within the URL. | 3.7 |
| 2017-02-01 | CVE-2016-6001 | Server-Side Request Forgery (SSRF) vulnerability in IBM Forms Experience Builder 8.5/8.5.1/8.6.0 IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources. | 3.1 |
| 2017-02-01 | CVE-2016-9703 | Session Fixation vulnerability in IBM Security Identity Manager Virtual Appliance IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. | 2.4 |
| 2017-02-01 | CVE-2016-0296 | Information Exposure Through Log Files vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. | 3.3 |
| 2017-02-01 | CVE-2016-0297 | Information Exposure vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques. | 3.7 |
| 2017-02-01 | CVE-2016-0394 | Permission Issues vulnerability in IBM Integration BUS and Websphere Message Broker IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. | 3.3 |
| 2017-02-01 | CVE-2016-3021 | Information Exposure vulnerability in IBM products IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. | 2.7 |
| 2017-02-01 | CVE-2016-3045 | Information Exposure vulnerability in IBM products IBM Security Access Manager for Web stores sensitive information in URL parameters. | 3.7 |