Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-11-30 CVE-2016-2871 Credentials Management vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file.
local
low complexity
ibm CWE-255
4.6
2016-11-30 CVE-2016-5987 Improper Input Validation vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message.
network
low complexity
ibm CWE-20
5.0
2016-11-30 CVE-2016-3057 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator 5.2
Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2016-11-30 CVE-2016-3004 Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections 4.0.0.0/4.5.0.0/5.0.0.0
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications.
network
ibm CWE-352
4.9
2016-11-30 CVE-2016-2963 Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Remote Control 9.1.2
Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.8
2016-11-30 CVE-2016-2958 Information Exposure vulnerability in IBM Connections 4.0.0.0/4.5.0.0/5.0.0.0
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response.
network
low complexity
ibm CWE-200
4.0
2016-11-30 CVE-2016-2957 Information Exposure vulnerability in IBM Connections 4.0.0.0/4.5.0.0/5.0.0.0
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response.
network
low complexity
ibm CWE-200
4.0
2016-11-30 CVE-2016-2953 Cryptographic Issues vulnerability in IBM Connections 4.0.0.0/4.5.0.0/5.0.0.0
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
network
ibm CWE-310
4.3
2016-11-30 CVE-2016-2952 Information Exposure vulnerability in IBM Bigfix Remote Control 9.1.2
IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.
network
ibm CWE-200
4.3
2016-11-30 CVE-2016-2951 Cryptographic Issues vulnerability in IBM Bigfix Remote Control 9.1.2
IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.
network
ibm CWE-310
4.3