Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-12-01 CVE-2016-3047 Open Redirect vulnerability in IBM Filenet Workplace 4.0.2
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
ibm CWE-601
4.9
2016-12-01 CVE-2016-3044 Improper Input Validation vulnerability in IBM Powerkvm
The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors.
local
low complexity
ibm CWE-20
4.9
2016-12-01 CVE-2016-3033 XXE vulnerability in IBM Appscan Source
IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm CWE-611
5.5
2016-12-01 CVE-2016-3012 Information Exposure vulnerability in IBM API Connect and Network Path Manager
IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials.
network
low complexity
ibm CWE-200
5.0
2016-11-30 CVE-2016-2917 Permissions, Privileges, and Access Controls vulnerability in IBM Tririga Application Platform 10.4/10.5
The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via unspecified vectors.
network
low complexity
ibm CWE-264
6.5
2016-11-30 CVE-2016-2887 Improper Access Control vulnerability in IBM IMS Enterprise Suite 1.1/2.1/2.2
IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
network
low complexity
ibm microsoft CWE-284
5.5
2016-11-30 CVE-2016-2884 Cross-Site Request Forgery (CSRF) vulnerability in IBM Forms Experience Builder
Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.0
2016-11-30 CVE-2016-2881 7PK - Security Features vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request parameters.
network
low complexity
ibm CWE-254
6.4
2016-11-30 CVE-2016-2878 Cross-Site Request Forgery (CSRF) vulnerability in IBM Qradar Security Information and Event Manager
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.0
2016-11-30 CVE-2016-2873 SQL Injection vulnerability in IBM Qradar Security Information and Event Manager
SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5