Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-2941 Information Exposure vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user.
local
low complexity
ibm CWE-200
2.1
2.1
2017-02-01 CVE-2016-2992 Cross-site Scripting vulnerability in IBM Biginsights 4.2
IBM Infosphere BigInsights is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2017-02-01 CVE-2016-5938 Information Exposure vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-200
2.1
2.1
2017-02-01 CVE-2016-5940 Cross-site Scripting vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2017-02-01 CVE-2016-5941 Path Traversal vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system.
network
ibm CWE-22
3.5
3.5
2017-02-01 CVE-2016-5942 Cross-site Scripting vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2017-02-01 CVE-2016-6001 Server-Side Request Forgery (SSRF) vulnerability in IBM Forms Experience Builder 8.5/8.5.1/8.6.0
IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.
network
ibm CWE-918
3.5
3.5
2017-02-01 CVE-2016-6110 Credentials Management vulnerability in IBM products
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
local
low complexity
ibm linux microsoft CWE-255
2.1
2.1
2017-02-01 CVE-2016-8963 Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.
local
low complexity
ibm hp linux microsoft oracle CWE-200
2.1
2.1
2017-02-01 CVE-2016-8999 Cross-site Scripting vulnerability in IBM products
IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS.
network
ibm CWE-79
3.5
3.5