Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-26 CVE-2016-8924 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.1/7.5/7.6
IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier.
network
high complexity
ibm CWE-79
5.6
2017-04-24 CVE-2015-0107 Path Traversal vulnerability in IBM products
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.
network
low complexity
ibm CWE-22
6.5
2017-04-20 CVE-2016-9980 Cross-site Scripting vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-04-20 CVE-2016-9979 Cross-site Scripting vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-04-20 CVE-2016-9978 Information Exposure vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information.
network
low complexity
ibm CWE-200
4.3
2017-04-20 CVE-2016-8923 Information Exposure vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to.
network
low complexity
ibm CWE-200
4.3
2017-04-17 CVE-2017-1160 Cross-site Scripting vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-04-17 CVE-2016-3038 Cross-site Scripting vulnerability in IBM Cognos Business Intelligence 10.1/10.2/10.2.2
IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-04-17 CVE-2016-3037 Information Exposure vulnerability in IBM Cognos Business Intelligence 10.1/10.2/10.2.2
IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key.
network
low complexity
ibm CWE-200
5.7
2017-04-17 CVE-2016-0228 Open Redirect vulnerability in IBM Marketing Platform 10.0
IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts.
network
low complexity
ibm CWE-601
5.4