Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2016-11-30 CVE-2016-2949 Information Exposure vulnerability in IBM Bigfix Remote Control 9.1.2
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session.
local
low complexity
ibm CWE-200
3.3
2016-11-30 CVE-2016-2951 Cryptographic Issues vulnerability in IBM Bigfix Remote Control 9.1.2
IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.
network
high complexity
ibm CWE-310
3.7
2016-11-30 CVE-2016-2952 Information Exposure vulnerability in IBM Bigfix Remote Control 9.1.2
IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.
network
high complexity
ibm CWE-200
3.7
2016-11-30 CVE-2016-2953 Cryptographic Issues vulnerability in IBM Connections 4.0.0.0/4.5.0.0/5.0.0.0
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
network
high complexity
ibm CWE-310
3.7
2016-11-30 CVE-2016-3002 Information Exposure vulnerability in IBM Connections 4.0.0.0/4.5.0.0/5.0.0.0
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device.
low complexity
ibm CWE-200
2.1
2016-11-30 CVE-2016-3009 Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections 4.0.0.0/4.5.0.0/5.0.0.0
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page.
network
low complexity
ibm CWE-352
3.5
2016-11-25 CVE-2016-2947 Information Exposure vulnerability in IBM products
IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-200
2.7
2016-11-25 CVE-2016-5992 Unspecified vulnerability in IBM Sterling Connect:Direct
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors.
local
high complexity
ibm
2.5
2016-11-24 CVE-2015-4961 Information Exposure vulnerability in IBM Tealeaf Customer Experience
IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 does not encrypt connections between internal servers, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
high complexity
ibm CWE-200
2.6
2016-11-24 CVE-2016-0353 7PK - Security Features vulnerability in IBM Security Privileged Identity Manager 2.0.0/2.0.1/2.0.2
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
network
high complexity
ibm CWE-254
3.7