Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-2939 Cross-site Scripting vulnerability in IBM Domino and Inotes
IBM iNotes is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2017-02-01 CVE-2016-2938 Cross-site Scripting vulnerability in IBM Domino and Inotes
IBM iNotes is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2017-02-01 CVE-2016-2908 XXE vulnerability in IBM products
IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser.
network
low complexity
ibm CWE-611
6.4
2017-02-01 CVE-2016-0396 Command Injection vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected.
network
ibm CWE-77
6.8
2017-02-01 CVE-2016-0297 Information Exposure vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques.
network
ibm CWE-200
4.3
2017-01-18 CVE-2016-10086 Permissions, Privileges, and Access Controls vulnerability in CA Service Desk Management and Service Desk Manager
RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.
network
low complexity
ca ibm linux microsoft oracle CWE-264
5.5
2017-01-06 CVE-2016-9879 Channel and Path Errors vulnerability in multiple products
An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1.
network
low complexity
vmware ibm CWE-417
5.0
2016-12-13 CVE-2015-5073 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.
network
low complexity
ibm pcre CWE-119
6.4
2016-12-13 CVE-2015-3217 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
network
low complexity
pcre ibm CWE-119
5.0
2016-12-01 CVE-2016-3055 XXE vulnerability in IBM Filenet Workplace 4.0.2
IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm CWE-611
5.5