Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-01 | CVE-2016-5950 | Credentials Management vulnerability in IBM Kenexa Lcms Premier IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user. | 4.0 |
2017-02-01 | CVE-2016-5949 | 7PK - Security Features vulnerability in IBM Kenexa Lcms Premier IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request. | 4.0 |
2017-02-01 | CVE-2016-5939 | SQL Injection vulnerability in IBM Kenexa LMS ON Cloud IBM Kenexa LMS on Cloud is vulnerable to SQL injection. | 6.5 |
2017-02-01 | CVE-2016-5937 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Kenexa Lcms Premier IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
2017-02-01 | CVE-2016-5898 | 7PK - Security Features vulnerability in IBM Jazz Reporting Service IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. | 4.0 |
2017-02-01 | CVE-2016-5896 | Information Exposure vulnerability in IBM products IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser. | 5.0 |
2017-02-01 | CVE-2016-5884 | Cross-site Scripting vulnerability in IBM Domino and Inotes IBM iNotes is vulnerable to cross-site scripting. | 4.3 |
2017-02-01 | CVE-2016-5882 | Cross-site Scripting vulnerability in IBM Domino and Inotes IBM iNotes is vulnerable to cross-site scripting. | 4.3 |
2017-02-01 | CVE-2016-3046 | SQL Injection vulnerability in IBM products IBM Security Access Manager for Web is vulnerable to SQL injection. | 4.0 |
2017-02-01 | CVE-2016-3045 | Information Exposure vulnerability in IBM products IBM Security Access Manager for Web stores sensitive information in URL parameters. | 4.3 |