Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2016-08-08 CVE-2016-0380 Permissions, Privileges, and Access Controls vulnerability in IBM Sterling Connect:Direct
IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations.
local
low complexity
ibm CWE-264
3.3
2016-08-08 CVE-2016-2960 Improper Access Control vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.
network
high complexity
ibm CWE-284
3.7
2016-07-21 CVE-2016-5444 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.
network
high complexity
oracle mariadb ibm redhat
3.7
2016-07-21 CVE-2016-3452 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.
network
high complexity
redhat oracle mariadb ibm
3.7
2016-07-03 CVE-2016-2894 Information Exposure vulnerability in IBM Tivoli Storage Manager
IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions.
local
high complexity
ibm CWE-200
2.5
2016-07-02 CVE-2016-2861 Information Exposure vulnerability in IBM Websphere Extreme Scale
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
network
high complexity
ibm CWE-200
3.7
2016-07-02 CVE-2016-2868 Unspecified vulnerability in IBM Qradar Security Information and Event Manager
IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm
2.7
2016-07-02 CVE-2016-2870 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Websphere Datapower Xc10 Appliance Firmware 2.1/2.5
Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances 2.1 and 2.5 allows remote authenticated users to cause a denial of service via unspecified vectors.
network
low complexity
ibm CWE-119
2.7
2016-06-26 CVE-2015-7473 Improper Access Control vulnerability in IBM Websphere MQ
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.
local
high complexity
ibm CWE-284
2.5
2016-06-26 CVE-2016-0259 Information Exposure vulnerability in IBM Websphere MQ
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands.
local
high complexity
ibm CWE-200
2.5