Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-15 CVE-2016-6060 Information Exposure vulnerability in IBM products
An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names.
network
low complexity
ibm CWE-200
4.0
2017-02-15 CVE-2016-6033 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
ibm CWE-352
6.8
2017-02-08 CVE-2016-5934 Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager Fastback
IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system.
local
ibm CWE-264
6.9
2017-02-08 CVE-2016-5902 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2017-02-08 CVE-2016-5900 Information Exposure vulnerability in IBM Tealeaf Customer Experience ON Cloud Network Capture Add-On 16.1.01
IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate.
network
ibm CWE-200
4.3
2017-02-08 CVE-2016-0308 Improper Access Control vulnerability in IBM Connections
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.
network
low complexity
ibm CWE-284
4.0
2017-02-08 CVE-2016-0307 Information Exposure vulnerability in IBM Connections
IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.
network
low complexity
ibm CWE-200
4.0
2017-02-08 CVE-2016-0214 Improper Access Control vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files.
network
ibm CWE-284
6.8
2017-02-08 CVE-2016-0210 Information Exposure vulnerability in IBM Sterling B2B Integrator 5.1/5.2
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information.
network
low complexity
ibm CWE-200
5.0
2017-02-08 CVE-2016-9748 Information Exposure vulnerability in IBM products
IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system.
network
low complexity
ibm CWE-200
4.0