Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-07 | CVE-2016-9693 | Improper Input Validation vulnerability in IBM Business Process Manager and Websphere IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. | 6.8 |
| 2017-03-07 | CVE-2016-8971 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. | 6.8 |
| 2017-03-07 | CVE-2016-8940 | Information Exposure vulnerability in IBM Tivoli Storage Manager IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. | 4.0 |
| 2017-03-01 | CVE-2016-9994 | SQL Injection vulnerability in IBM Kenexa Lcms Premier IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. | 6.5 |
| 2017-03-01 | CVE-2016-9993 | SQL Injection vulnerability in IBM Kenexa Lcms Premier IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. | 6.5 |
| 2017-03-01 | CVE-2016-9992 | SQL Injection vulnerability in IBM Kenexa Lcms Premier IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. | 6.5 |
| 2017-03-01 | CVE-2016-8232 | Cross-site Scripting vulnerability in IBM Advanced Management Module Firmware Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information. | 4.3 |
| 2017-02-24 | CVE-2016-9975 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Dashboard Application Services HUB 3.1.2.1/3.1.3 IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
| 2017-02-24 | CVE-2016-9009 | Improper Input Validation vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. | 4.0 |
| 2017-02-24 | CVE-2016-8998 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. | 6.0 |