Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-07-24 CVE-2016-6118 Cross-site Scripting vulnerability in IBM Emptoris Strategic Supply Management
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-07-21 CVE-2017-1374 Information Exposure vulnerability in IBM Tririga Application Platform
Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system.
network
low complexity
ibm CWE-200
6.5
2017-07-21 CVE-2017-1372 Cross-site Scripting vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-07-19 CVE-2017-1223 Open Redirect vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
6.1
2017-07-19 CVE-2017-1219 XXE vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
6.5
2017-07-19 CVE-2017-1203 Cross-site Scripting vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-07-19 CVE-2016-6018 Information Exposure vulnerability in IBM Emptoris Contract Management
IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks.
network
low complexity
ibm CWE-200
4.3
2017-07-13 CVE-2017-1308 Files or Directories Accessible to External Parties vulnerability in IBM Daeja Viewone 4.1.5/4.1.5.1/5.0
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls.
network
low complexity
ibm CWE-552
6.5
2017-07-13 CVE-2016-8952 Cross-site Scripting vulnerability in IBM Emptoris Strategic Supply Management
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-07-13 CVE-2016-6019 Cross-site Scripting vulnerability in IBM Emptoris Strategic Supply Management
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4