Vulnerabilities > IBM > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-0297 | Information Exposure vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques. | 3.7 |
| 2017-02-01 | CVE-2016-0394 | Permission Issues vulnerability in IBM Integration BUS and Websphere Message Broker IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. | 3.3 |
| 2017-02-01 | CVE-2016-3021 | Information Exposure vulnerability in IBM products IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. | 2.7 |
| 2017-02-01 | CVE-2016-3045 | Information Exposure vulnerability in IBM products IBM Security Access Manager for Web stores sensitive information in URL parameters. | 3.7 |
| 2017-02-01 | CVE-2016-3046 | SQL Injection vulnerability in IBM products IBM Security Access Manager for Web is vulnerable to SQL injection. | 2.7 |
| 2017-02-01 | CVE-2016-8942 | Improper Access Control vulnerability in IBM products IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server. | 3.1 |
| 2016-11-30 | CVE-2016-2874 | Improper Access Control vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 3.1 |
| 2016-11-30 | CVE-2016-2877 | Permission Issues vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file. | 3.3 |
| 2016-11-30 | CVE-2016-2943 | Information Exposure Through Log Files vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file. | 1.9 |
| 2016-11-30 | CVE-2016-2949 | Information Exposure vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session. | 3.3 |