Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-08 | CVE-2016-6098 | Improper Access Control vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 5.5 |
| 2017-06-08 | CVE-2016-6093 | Credentials Management vulnerability in IBM products IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.0 |
| 2017-06-08 | CVE-2014-4843 | Improperly Implemented Security Check for Standard vulnerability in IBM Curam Social Program Management Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL. | 5.0 |
| 2017-06-07 | CVE-2017-1196 | Weak Password Requirements vulnerability in IBM Bigfix Security Compliance Analytics 1.9.70 IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.0 |
| 2017-06-07 | CVE-2017-1178 | Cross-site Scripting vulnerability in IBM Bigfix Security Compliance Analytics 1.9.70 IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. | 4.3 |
| 2017-06-07 | CVE-2016-9977 | Improper Input Validation vulnerability in IBM products IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. | 6.5 |
| 2017-06-07 | CVE-2016-9710 | Information Exposure vulnerability in IBM Cognos Business Intelligence Server IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. | 5.0 |
| 2017-06-07 | CVE-2016-6087 | Improper Input Validation vulnerability in IBM Domino IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. | 5.0 |
| 2017-06-07 | CVE-2016-5959 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. | 5.0 |
| 2017-06-07 | CVE-2016-3051 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Access Manager 9.0 Firmware IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. | 4.0 |