Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2017-03-08 CVE-2016-9006 Cross-site Scripting vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2017-03-08 CVE-2016-9985 Information Exposure Through Log Files vulnerability in IBM Cognos Business Intelligence 10.1.1/10.2
IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user.
local
low complexity
ibm CWE-532
2.1
2.1
2017-03-08 CVE-2017-1150 Improper Privilege Management vulnerability in IBM DB2 10.1/10.5/11.1
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view.
network
ibm CWE-269
3.5
3.5
2017-03-07 CVE-2017-1124 Information Exposure vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection.
local
ibm CWE-200
1.9
1.9
2017-03-07 CVE-2017-1133 Cross-site Scripting vulnerability in IBM products
IBM QRadar 7.2 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2017-03-01 CVE-2016-2879 Inadequate Encryption Strength vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials.
local
low complexity
ibm CWE-326
2.1
2.1
2017-03-01 CVE-2016-2880 Key Management Errors vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user.
local
low complexity
ibm CWE-320
2.1
2.1
2017-03-01 CVE-2016-5932 Cross-site Scripting vulnerability in IBM Connections
IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2017-02-23 CVE-2016-6055 Cross-site Scripting vulnerability in IBM products
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2017-02-15 CVE-2016-8968 Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management 6.0.0/6.0.1/6.0.2
IBM Jazz Foundation is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5