Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-8966 Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
4.3
2017-02-01 CVE-2016-8961 Open Redirect vulnerability in IBM Bigfix Inventory and License Metric Tool
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
5.8
2017-02-01 CVE-2016-8941 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
ibm CWE-352
6.8
2017-02-01 CVE-2016-8936 Cross-site Scripting vulnerability in IBM Social Rendering Templates for Digital Data Connector 1.0
IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2017-02-01 CVE-2016-8922 Cross-site Scripting vulnerability in IBM products
Exphox WebRadar is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2017-02-01 CVE-2016-8921 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Filenet Workplace XT 1.1.5
IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
network
low complexity
ibm CWE-434
6.5
2017-02-01 CVE-2016-8918 Credentials Management vulnerability in IBM Integration BUS 10.0
IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.
network
ibm CWE-255
4.3
2017-02-01 CVE-2016-8913 Path Traversal vulnerability in IBM Kenexa LMS ON Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
4.0
2017-02-01 CVE-2016-8912 Information Exposure Through Log Files vulnerability in IBM Kenexa LMS ON Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.
network
low complexity
ibm CWE-532
4.0
2017-02-01 CVE-2016-6126 Path Traversal vulnerability in IBM Kenexa LMS ON Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
4.0