Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-5950 Credentials Management vulnerability in IBM Kenexa LCMS Premier
IBM Kenexa LCMS Premier on Cloud stores user credentials in clear text, which can be read by an authenticated user.
network
low complexity
ibm CWE-255
4.0
2017-02-01 CVE-2016-5949 7PK - Security Features vulnerability in IBM Kenexa LCMS Premier
IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request.
network
low complexity
ibm CWE-254
4.0
2017-02-01 CVE-2016-5939 SQL Injection vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.5
2017-02-01 CVE-2016-5937 Cross-Site Request Forgery (CSRF) vulnerability in IBM Kenexa LCMS Premier
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
ibm CWE-352
6.8
2017-02-01 CVE-2016-5898 7PK - Security Features vulnerability in IBM Jazz Reporting Service
IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization.
network
low complexity
ibm CWE-254
4.0
2017-02-01 CVE-2016-5896 Information Exposure vulnerability in IBM products
IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting an incorrect login to the Cognos browser.
network
low complexity
ibm CWE-200
5.0
2017-02-01 CVE-2016-5884 Cross-site Scripting vulnerability in IBM Domino and iNotes
IBM iNotes is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2017-02-01 CVE-2016-5882 Cross-site Scripting vulnerability in IBM Domino and iNotes
IBM iNotes is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2017-02-01 CVE-2016-3046 SQL Injection vulnerability in IBM products
IBM Security Access Manager for Web is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
4.0
2017-02-01 CVE-2016-3045 Information Exposure vulnerability in IBM products
IBM Security Access Manager for Web stores sensitive information in URL parameters.
network
ibm CWE-200
4.3