Vulnerabilities > IBM > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-5938 | Information Exposure vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2017-02-01 | CVE-2016-5953 | Information Exposure vulnerability in IBM Sterling Selling and Fulfillment Foundation IBM Sterling Order Management transmits the session identifier within the URL. | 3.7 |
| 2017-02-01 | CVE-2016-6001 | Server-Side Request Forgery (SSRF) vulnerability in IBM Forms Experience Builder 8.5/8.5.1/8.6.0 IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources. | 3.1 |
| 2017-02-01 | CVE-2016-9703 | Session Fixation vulnerability in IBM Security Identity Manager Virtual Appliance IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. | 2.4 |
| 2017-02-01 | CVE-2016-0296 | Information Exposure Through Log Files vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. | 3.3 |
| 2017-02-01 | CVE-2016-0297 | Information Exposure vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques. | 3.7 |
| 2017-02-01 | CVE-2016-0394 | Permission Issues vulnerability in IBM Integration BUS and Websphere Message Broker IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. | 3.3 |
| 2017-02-01 | CVE-2016-3021 | Information Exposure vulnerability in IBM products IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. | 2.7 |
| 2017-02-01 | CVE-2016-3045 | Information Exposure vulnerability in IBM products IBM Security Access Manager for Web stores sensitive information in URL parameters. | 3.7 |
| 2017-02-01 | CVE-2016-3046 | SQL Injection vulnerability in IBM products IBM Security Access Manager for Web is vulnerable to SQL injection. | 2.7 |