Vulnerabilities > IBM > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-05-10 | CVE-2016-6037 | Cross-site Scripting vulnerability in IBM Rational Quality Manager and Rational Team Concert | IBM Rational Team Concert (RTC) is vulnerable to HTML injection. | network | low complexity | ibm | CWE-79 | 4.8 |
| 2017-05-10 | CVE-2016-6035 | Cross-site Scripting vulnerability in IBM Rational Quality Manager and Rational Team Concert | IBM Rational Quality Manager is vulnerable to cross-site scripting. | network | low complexity | ibm | CWE-79 | 5.4 |
| 2017-05-10 | CVE-2016-5888 | Cross-site Scripting vulnerability in IBM Interact | IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. | network | low complexity | ibm | CWE-79 | 5.4 |
| 2017-05-10 | CVE-2016-3032 | Cross-site Scripting vulnerability in IBM Cognos Analytics | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. | network | low complexity | ibm | CWE-79 | 5.4 |
| 2017-05-05 | CVE-2016-8916 | Information Exposure vulnerability in IBM Tivoli Storage Manager | IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. | local | low complexity | ibm | CWE-200 | 5.5 |
| 2017-05-05 | CVE-2016-0255 | Cross-site Scripting vulnerability in IBM Marketing Platform | IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. | network | low complexity | ibm | CWE-79 | 6.1 |
| 2017-05-03 | CVE-2016-0382 | Information Exposure vulnerability in IBM Tealeaf Consumer Experience | The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. | local | low complexity | ibm | CWE-200 | 4.0 |
| 2017-04-28 | CVE-2017-1141 | Information Exposure vulnerability in IBM Insights Foundation for Energy 1.0/1.5/1.6 | IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. | network | low complexity | ibm | CWE-200 | 4.3 |
| 2017-04-26 | CVE-2017-1170 | Unspecified vulnerability in IBM Websphere Commerce | IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. | local | low complexity | ibm | | 5.3 |
| 2017-04-26 | CVE-2016-8962 | Credentials Management vulnerability in IBM Bigfix Inventory 9.0/9.2 | IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | network | high complexity | ibm | CWE-255 | 5.9 |