Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-07 CVE-2016-3019 Inadequate Encryption Strength vulnerability in IBM Security Access Manager 9.0 Firmware
IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
6.5
2017-06-07 CVE-2016-0254 XXE vulnerability in IBM Cognos Business Intelligence
IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
6.5
2017-05-26 CVE-2017-1325 Cross-site Scripting vulnerability in IBM Inotes
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-05-26 CVE-2017-1292 Information Exposure vulnerability in IBM products
IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system.
network
low complexity
ibm CWE-200
5.3
2017-05-26 CVE-2017-1291 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks.
network
low complexity
ibm CWE-79
5.4
2017-05-22 CVE-2017-1320 Cross-site Scripting vulnerability in IBM Tivoli Federated Identity Manager
IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-05-22 CVE-2017-1282 Cross-site Scripting vulnerability in IBM Content Navigator
IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-05-22 CVE-2017-1159 Open Redirect vulnerability in IBM Business Process Manager
IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
5.4
2017-05-15 CVE-2016-9750 Credentials Management vulnerability in IBM Qradar Security Information and Event Manager 7.2.0/7.3.0
IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user.
network
low complexity
ibm CWE-255
6.5
2017-05-15 CVE-2016-9735 Information Exposure vulnerability in IBM products
IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces.
network
low complexity
ibm CWE-200
4.3