Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-08 CVE-2016-8987 Information Exposure vulnerability in IBM Maximo Asset Management 7.1/7.5/7.6
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view.
network
low complexity
ibm CWE-200
4.3
2017-06-08 CVE-2014-4843 Improperly Implemented Security Check for Standard vulnerability in IBM Curam Social Program Management
Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL.
network
low complexity
ibm CWE-358
5.3
2017-06-07 CVE-2017-1305 Cross-site Scripting vulnerability in IBM Rational Doors Next Generation 6.0.2/6.0.3
IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-06-07 CVE-2017-1178 Cross-site Scripting vulnerability in IBM Bigfix Security Compliance Analytics 1.9.70
IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-06-07 CVE-2016-9710 Information Exposure vulnerability in IBM Cognos Business Intelligence Server
IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files.
network
low complexity
ibm CWE-200
5.3
2017-06-07 CVE-2016-8939 Information Exposure vulnerability in IBM Tivoli Storage Manager
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised.
local
low complexity
ibm CWE-200
5.5
2017-06-07 CVE-2016-6089 Improper Access Control vulnerability in IBM Websphere MQ 9.0.0.0/9.0.1
IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls.
local
low complexity
ibm CWE-284
5.5
2017-06-07 CVE-2016-5960 Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1
IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user.
local
low complexity
ibm CWE-200
5.5
2017-06-07 CVE-2016-5959 Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1
IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters.
network
low complexity
ibm CWE-200
5.3
2017-06-07 CVE-2016-3051 Permissions, Privileges, and Access Controls vulnerability in IBM Security Access Manager 9.0 Firmware
IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server.
network
low complexity
ibm CWE-264
4.3