Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2016-11-24 CVE-2016-0372 7PK - Security Features vulnerability in IBM products
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
network
high complexity
ibm CWE-254
3.7
2016-11-24 CVE-2016-0378 Information Exposure vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception.
network
high complexity
ibm CWE-200
3.7
2016-10-22 CVE-2016-0240 7PK - Security Features vulnerability in IBM Security Guardium Database Activity Monitor
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.
network
high complexity
ibm CWE-254
3.7
2016-09-26 CVE-2016-0248 Information Exposure vulnerability in IBM Security Guardium 10.0/9.0
IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors.
network
high complexity
ibm CWE-200
3.7
2016-09-26 CVE-2016-0379 Data Processing Errors vulnerability in IBM Websphere MQ
IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights.
network
high complexity
ibm CWE-19
3.1
2016-09-01 CVE-2016-0385 Information Exposure vulnerability in IBM Websphere Application Server
Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
high complexity
ibm CWE-200
3.1
2016-09-01 CVE-2016-2998 Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update data.
network
low complexity
ibm CWE-352
3.5
2016-09-01 CVE-2016-0370 Cross-site Scripting vulnerability in IBM Forms Experience Builder
Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an application that was built with this product.
network
low complexity
ibm CWE-79
2.7
2016-08-08 CVE-2016-0266 7PK - Security Features vulnerability in IBM AIX and Vios
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
network
high complexity
ibm CWE-254
3.7
2016-08-08 CVE-2016-0281 Improper Input Validation vulnerability in IBM AIX and Vios
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.
network
high complexity
ibm CWE-20
3.7