Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-07 CVE-2016-3019 Inadequate Encryption Strength vulnerability in IBM Security Access Manager 9.0 Firmware
IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
4.0
2017-06-07 CVE-2016-0254 XXE vulnerability in IBM Cognos Business Intelligence
IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
6.8
2017-05-26 CVE-2017-1325 Cross-site Scripting vulnerability in IBM iNotes
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2017-05-26 CVE-2017-1292 Information Exposure vulnerability in IBM products
IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system.
network
low complexity
ibm CWE-200
5.0
2017-05-22 CVE-2017-1289 XXE vulnerability in IBM SDK
IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
6.4
2017-05-22 CVE-2017-1159 Open Redirect vulnerability in IBM Business Process Manager
IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
ibm CWE-601
4.9
2017-05-22 CVE-2016-6112 Permissions, Privileges, and Access Controls vulnerability in IBM products
IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application.
network
low complexity
ibm CWE-264
6.5
2017-05-15 CVE-2016-9750 Credentials Management vulnerability in IBM QRadar Security Information and Event Manager 7.2.0/7.3.0
IBM QRadar 7.2 and 7.3 stores user credentials in clear text, which can be read by an authenticated user.
network
low complexity
ibm CWE-255
4.0
2017-05-15 CVE-2016-9735 Information Exposure vulnerability in IBM products
IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces.
network
low complexity
ibm CWE-200
4.0
2017-05-15 CVE-2016-5979 Permissions, Privileges, and Access Controls vulnerability in IBM Distributed Marketing
IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance with a security profile that is not valid for the templates, which results in the new instance not being accessible to the intended user.
network
low complexity
ibm CWE-264
4.0