Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-02 CVE-2016-5935 Information Exposure vulnerability in IBM Dashboard Application Services HUB 3.1.3
IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate.
network
ibm CWE-200
4.3
2017-02-01 CVE-2016-9704 Cross-site Scripting vulnerability in IBM Security Identity Manager Virtual Appliance
IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2017-02-01 CVE-2016-9008 Improper Access Control vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent.
network
low complexity
ibm CWE-284
5.0
2017-02-01 CVE-2016-9000 Cross-site Scripting vulnerability in IBM products
IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection.
network
ibm CWE-79
4.3
2017-02-01 CVE-2016-8982 Information Exposure vulnerability in IBM Infosphere Datastage 11.3/8.7/9.1
IBM InfoSphere Information Server stores sensitive information in URL parameters.
network
low complexity
ibm CWE-200
5.0
2017-02-01 CVE-2016-8977 Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests.
network
low complexity
ibm hp linux microsoft oracle CWE-200
5.0
2017-02-01 CVE-2016-8933 Path Traversal vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
4.0
2017-02-01 CVE-2016-8932 Improper Access Control vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
network
low complexity
ibm CWE-284
6.5
2017-02-01 CVE-2016-8931 Improper Access Control vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
network
low complexity
ibm CWE-284
6.5
2017-02-01 CVE-2016-8930 SQL Injection vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.5