Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-07-05 CVE-2017-1253 OS Command Injection vulnerability in IBM Security Guardium
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system.
network
low complexity
ibm CWE-78
6.5
2017-07-05 CVE-2017-1157 Information Exposure vulnerability in IBM Jazz Reporting Service 5.0/6.0
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users.
network
low complexity
ibm CWE-200
4.0
2017-07-05 CVE-2016-9700 Information Exposure vulnerability in IBM products
IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces.
network
low complexity
ibm CWE-200
4.0
2017-07-05 CVE-2017-1258 Improper Authentication vulnerability in IBM Security Guardium
IBM Security Guardium 10.0 and 10.1 do not perform an authentication check for a critical resource or functionality, allowing anonymous users access to protected areas.
network
low complexity
ibm CWE-287
6.4
2017-07-05 CVE-2017-1256 Cross-site Scripting vulnerability in IBM Security Guardium 10.0/10.1
IBM Security Guardium 10.0 and 10.1 are vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2017-07-05 CVE-2017-1217 Cross-site Scripting vulnerability in IBM WebSphere Portal 8.5/9.0
IBM WebSphere Portal 8.5 and 9.0 are vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2017-07-05 CVE-2016-0238 Information Exposure vulnerability in IBM Security Guardium
IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request.
network
ibm CWE-200
4.3
2017-06-29 CVE-2017-1310 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Informix Dynamic Server 12.10
IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server.
network
low complexity
ibm CWE-119
4.0
2017-06-27 CVE-2017-1328 Security Bypass vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the API, caused by improper handling of security policy.
network
low complexity
ibm
5.0
2017-06-27 CVE-2017-1322 XXE vulnerability in IBM API Connect
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
6.4