Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-8943 Cross-site Scripting vulnerability in IBM products
IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2017-02-01 CVE-2016-8981 Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm hp linux microsoft oracle CWE-200
2.1
2.1
2017-02-01 CVE-2016-9731 Cross-site Scripting vulnerability in IBM Business Process Manager 8.5.7.0
IBM Business Process Manager is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2016-12-01 CVE-2016-2955 Cross-site Scripting vulnerability in IBM Connections 5.0.0.0/5.5.0.0
Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
3.5
2016-12-01 CVE-2016-2991 Cross-site Scripting vulnerability in IBM Lotus Protector for Mail Security 2.8/2.8.1
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Protector for Mail Security 2.8.0.0 through 2.8.1.0 before 2.8.1.0-22115 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
3.5
2016-12-01 CVE-2016-2994 Cross-site Scripting vulnerability in IBM Urbancode Deploy
Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
3.5
2016-11-30 CVE-2016-2869 Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager
Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML via crafted fields in a URL.
network
ibm CWE-79
3.5
3.5
2016-11-30 CVE-2016-2874 Improper Access Control vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
ibm CWE-284
3.5
3.5
2016-11-30 CVE-2016-2877 Permission Issues vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file.
local
low complexity
ibm CWE-275
2.1
2.1
2016-11-30 CVE-2016-2943 Information Exposure Through Log Files vulnerability in IBM Bigfix Remote Control 9.1.2
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file.
local
ibm CWE-532
1.9
1.9