Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-6020 | Open Redirect vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.8 |
| 2017-02-01 | CVE-2016-6000 | Cross-site Scripting vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. | 4.3 |
| 2017-02-01 | CVE-2016-5994 | Information Exposure vulnerability in IBM Infosphere Information Server 11.5 IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents. | 4.0 |
| 2017-02-01 | CVE-2016-5990 | Improper Access Control vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server. | 6.5 |
| 2017-02-01 | CVE-2016-5988 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user. | 4.0 |
| 2017-02-01 | CVE-2016-5984 | Cross-site Scripting vulnerability in IBM products IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. | 4.3 |
| 2017-02-01 | CVE-2016-5966 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 4.3 |
| 2017-02-01 | CVE-2016-5964 | Improper Access Control vulnerability in IBM Security Privileged Identity Manager 2.0.2 IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 5.0 |
| 2017-02-01 | CVE-2016-5958 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. | 5.0 |
| 2017-02-01 | CVE-2016-5952 | SQL Injection vulnerability in IBM Kenexa Lcms Premier IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. | 6.5 |