Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-8929 SQL Injection vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
5.5
2017-02-01 CVE-2016-8928 SQL Injection vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.5
2017-02-01 CVE-2016-6068 Information Exposure vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties.
network
low complexity
ibm CWE-200
5.0
2017-02-01 CVE-2016-5953 Information Exposure vulnerability in IBM Sterling Selling and Fulfillment Foundation
IBM Sterling Order Management transmits the session identifier within the URL.
network
ibm CWE-200
4.3
2017-02-01 CVE-2016-5881 Cross-site Scripting vulnerability in IBM Inotes
IBM iNotes is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2017-02-01 CVE-2016-2942 Improper Access Control vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine.
network
ibm CWE-284
6.0
2017-02-01 CVE-2016-0320 Improper Access Control vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects.
network
low complexity
ibm CWE-284
4.0
2017-02-01 CVE-2016-6117 Information Exposure vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information.
network
low complexity
ibm CWE-200
5.0
2017-02-01 CVE-2016-6105 Improper Access Control vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas.
network
low complexity
ibm CWE-284
6.4
2017-02-01 CVE-2016-0371 Unspecified vulnerability in IBM Tivoli Storage Manager
The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.
local
low complexity
ibm
5.5