Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-6124 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Kenexa LMS ON Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
network
low complexity
ibm CWE-434
6.5
2017-02-01 CVE-2016-6122 Information Exposure vulnerability in IBM Kenexa LMS ON Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.
network
low complexity
ibm CWE-200
4.0
2017-02-01 CVE-2016-6113 Cross-site Scripting vulnerability in IBM Domino and Inotes
IBM Verse is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2017-02-01 CVE-2016-6080 Information Exposure vulnerability in IBM Websphere Message Broker 8.0
The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker.
network
low complexity
ibm CWE-200
5.0
2017-02-01 CVE-2016-6045 Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Storage Manager
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
ibm CWE-352
6.8
2017-02-01 CVE-2016-6044 Improper Access Control vulnerability in IBM Tivoli Storage Manager
IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy.
network
low complexity
ibm CWE-284
4.0
2017-02-01 CVE-2016-6043 Session Fixation vulnerability in IBM Tivoli Storage Manager
Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced.
local
ibm CWE-384
4.4
2017-02-01 CVE-2016-6040 Session Fixation vulnerability in IBM Rational Collaborative Lifecycle Management
IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced.
network
ibm CWE-384
6.0
2017-02-01 CVE-2016-6034 Information Exposure vulnerability in IBM Tivoli Storage Manager FOR Virtual Environments Data Protection FOR VMWare
IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges.
network
low complexity
ibm microsoft CWE-200
4.0
2017-02-01 CVE-2016-6028 Permissions, Privileges, and Access Controls vulnerability in IBM Rational Collaborative Lifecycle Management
IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view.
network
low complexity
ibm CWE-264
4.0