Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-28 | CVE-2015-0114 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM I Access for Windows 5.4/6.1/7.1 Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1. | 4.6 |
| 2017-08-28 | CVE-2015-0101 | Cross-site Scripting vulnerability in IBM Business Process Manager Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Process Manager Advanced 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5. | 4.3 |
| 2017-08-28 | CVE-2014-8900 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Urbancode Deploy Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier. | 6.8 |
| 2017-08-25 | CVE-2014-9564 | CRLF Injection vulnerability in IBM En6131 Firmware and Ib6131 Firmware CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters. | 4.3 |
| 2017-08-22 | CVE-2014-6189 | Cross-site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2017-08-18 | CVE-2017-1501 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. | 4.3 |
| 2017-08-14 | CVE-2017-1469 | Code Injection vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1 IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. | 4.6 |
| 2017-08-14 | CVE-2017-1190 | Unspecified vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. | 6.2 |
| 2017-08-14 | CVE-2016-6029 | Information Exposure vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 4.3 |
| 2017-08-10 | CVE-2017-1377 | Information Exposure vulnerability in IBM Runbook Automation IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system. | 4.0 |