Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-07-12 CVE-2017-1321 Cross-site Scripting vulnerability in IBM products
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-07-12 CVE-2017-1285 Improper Input Validation vulnerability in IBM Websphere MQ 9.0.1/9.0.2
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages.
network
low complexity
ibm CWE-20
6.5
2017-07-12 CVE-2016-8953 Open Redirect vulnerability in IBM Emptoris Sourcing
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
5.4
2017-07-12 CVE-2016-8950 Cross-site Scripting vulnerability in IBM Emptoris Sourcing
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-07-12 CVE-2016-8948 Cross-site Scripting vulnerability in IBM Emptoris Sourcing
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-07-12 CVE-2016-8947 Open Redirect vulnerability in IBM Emptoris Sourcing
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
6.1
2017-07-12 CVE-2016-8946 Cross-site Scripting vulnerability in IBM Emptoris Sourcing
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-07-12 CVE-2016-6114 Cross-site Scripting vulnerability in IBM Emptoris Sourcing
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-07-10 CVE-2017-1398 Open Redirect vulnerability in IBM Websphere Commerce
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
6.1
2017-07-10 CVE-2017-1284 Information Exposure vulnerability in IBM Websphere MQ 9.0.1/9.0.2
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials.
local
high complexity
ibm CWE-200
4.7