Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-22 CVE-2017-1326 Improper Privilege Management vulnerability in IBM Sterling B2B Integrator 5.2
IBM Sterling File Gateway does not properly restrict user requests based on permission level.
network
low complexity
ibm CWE-269
4.3
2017-06-22 CVE-2016-9983 Information Exposure vulnerability in IBM Sterling B2B Integrator 5.2
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to.
network
high complexity
ibm CWE-200
5.3
2017-06-22 CVE-2016-9982 Information Exposure vulnerability in IBM Sterling B2B Integrator 5.2
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control.
network
low complexity
ibm CWE-200
6.5
2017-06-22 CVE-2016-9747 Cross-site Scripting vulnerability in IBM products
IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-06-21 CVE-2017-1304 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Elastic Storage Server
IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to perform a read or a write to a Spectrum Scale file.
local
high complexity
ibm CWE-119
6.2
2017-06-21 CVE-2017-1117 Unspecified vulnerability in IBM Websphere MQ
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled.
network
high complexity
ibm
5.3
2017-06-20 CVE-2017-3744 Information Exposure Through Log Files vulnerability in multiple products
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running.
network
low complexity
lenovo ibm CWE-532
6.5
2017-06-13 CVE-2017-1104 Cross-site Scripting vulnerability in IBM Rational Quality Manager
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-06-13 CVE-2017-1102 Cross-site Scripting vulnerability in IBM Rational Quality Manager
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-06-13 CVE-2017-1101 Cross-site Scripting vulnerability in IBM Rational Quality Manager
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4