Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-6124 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Kenexa LMS ON Cloud IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | 6.5 |
| 2017-02-01 | CVE-2016-6122 | Information Exposure vulnerability in IBM Kenexa LMS ON Cloud IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users. | 4.0 |
| 2017-02-01 | CVE-2016-6113 | Cross-site Scripting vulnerability in IBM Domino and Inotes IBM Verse is vulnerable to cross-site scripting. | 4.3 |
| 2017-02-01 | CVE-2016-6080 | Information Exposure vulnerability in IBM Websphere Message Broker 8.0 The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker. | 5.0 |
| 2017-02-01 | CVE-2016-6045 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Storage Manager IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
| 2017-02-01 | CVE-2016-6044 | Improper Access Control vulnerability in IBM Tivoli Storage Manager IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy. | 4.0 |
| 2017-02-01 | CVE-2016-6043 | Session Fixation vulnerability in IBM Tivoli Storage Manager Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. | 4.4 |
| 2017-02-01 | CVE-2016-6040 | Session Fixation vulnerability in IBM Rational Collaborative Lifecycle Management IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced. | 6.0 |
| 2017-02-01 | CVE-2016-6034 | Information Exposure vulnerability in IBM Tivoli Storage Manager FOR Virtual Environments Data Protection FOR VMWare IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges. | 4.0 |
| 2017-02-01 | CVE-2016-6028 | Permissions, Privileges, and Access Controls vulnerability in IBM Rational Collaborative Lifecycle Management IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view. | 4.0 |