Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-6020 Open Redirect vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
ibm CWE-601
5.8
2017-02-01 CVE-2016-6000 Cross-site Scripting vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2017-02-01 CVE-2016-5994 Information Exposure vulnerability in IBM Infosphere Information Server 11.5
IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents.
network
low complexity
ibm CWE-200
4.0
2017-02-01 CVE-2016-5990 Improper Access Control vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1
IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server.
network
low complexity
ibm CWE-284
6.5
2017-02-01 CVE-2016-5988 Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1
IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user.
network
low complexity
ibm CWE-200
4.0
2017-02-01 CVE-2016-5984 Cross-site Scripting vulnerability in IBM products
IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection.
network
ibm CWE-79
4.3
2017-02-01 CVE-2016-5966 Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1
IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
ibm CWE-200
4.3
2017-02-01 CVE-2016-5964 Improper Access Control vulnerability in IBM Security Privileged Identity Manager 2.0.2
IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-284
5.0
2017-02-01 CVE-2016-5958 Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1
IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode.
network
low complexity
ibm CWE-200
5.0
2017-02-01 CVE-2016-5952 SQL Injection vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.5