Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-0296 Information Exposure Through Log Files vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
local
low complexity
ibm CWE-532
3.3
2017-02-01 CVE-2016-0297 Information Exposure vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques.
network
high complexity
ibm CWE-200
3.7
2017-02-01 CVE-2016-0394 Permission Issues vulnerability in IBM Integration BUS and Websphere Message Broker
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.
local
low complexity
ibm CWE-275
3.3
2017-02-01 CVE-2016-3021 Information Exposure vulnerability in IBM products
IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.
network
low complexity
ibm CWE-200
2.7
2017-02-01 CVE-2016-3045 Information Exposure vulnerability in IBM products
IBM Security Access Manager for Web stores sensitive information in URL parameters.
network
high complexity
ibm CWE-200
3.7
2017-02-01 CVE-2016-3046 SQL Injection vulnerability in IBM products
IBM Security Access Manager for Web is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
2.7
2017-02-01 CVE-2016-8942 Improper Access Control vulnerability in IBM products
IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server.
network
high complexity
ibm CWE-284
3.1
2016-11-30 CVE-2016-2874 Improper Access Control vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
high complexity
ibm CWE-284
3.1
2016-11-30 CVE-2016-2877 Permission Issues vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file.
local
low complexity
ibm CWE-275
3.3
2016-11-30 CVE-2016-2943 Information Exposure Through Log Files vulnerability in IBM Bigfix Remote Control 9.1.2
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file.
local
high complexity
ibm CWE-532
1.9