Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-20 | CVE-2017-1155 | Information Exposure vulnerability in IBM Algo ONE 4.9.1/5.0.0/5.1.0 IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. | 4.0 |
| 2017-03-20 | CVE-2017-1151 | Remote Privilege Escalation vulnerability in IBM WebSphere Application Server IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. network ibm | 6.8 |
| 2017-03-20 | CVE-2016-8973 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. | 4.0 |
| 2017-03-08 | CVE-2016-5933 | 7PK - Security Features vulnerability in IBM Tivoli Monitoring IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. | 4.9 |
| 2017-03-07 | CVE-2016-9730 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2017-03-07 | CVE-2016-9729 | Improper Authentication vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 6.4 |
| 2017-03-07 | CVE-2016-9728 | SQL Injection vulnerability in IBM Qradar Security Information and Event Manager IBM Qradar 7.2 is vulnerable to SQL injection. | 5.0 |
| 2017-03-07 | CVE-2016-9725 | Information Exposure vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. | 5.0 |
| 2017-03-07 | CVE-2016-9723 | Cross-site Scripting vulnerability in IBM products IBM QRadar 7.2 is vulnerable to cross-site scripting. | 4.3 |
| 2017-03-07 | CVE-2016-9720 | Information Exposure vulnerability in IBM products IBM QRadar 7.2 discloses sensitive information to unauthorized users. | 5.0 |