Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-14 CVE-2017-1152 Session Fixation vulnerability in IBM Financial Transaction Manager 3.0.1.0/3.0.2.0
IBM Financial Transaction Manager 3.0.1 and 3.0.2 do not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system.
network
low complexity
ibm CWE-384
4.3
2017-04-14 CVE-2016-8927 Cross-site Scripting vulnerability in IBM Tivoli Application Dependency Discovery Manager
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-04-14 CVE-2016-8926 Information Exposure vulnerability in IBM Tivoli Application Dependency Discovery Manager
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users.
network
low complexity
ibm CWE-200
4.3
2017-04-14 CVE-2016-8925 Information Exposure vulnerability in IBM Tivoli Application Dependency Discovery Manager
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system.
network
low complexity
ibm CWE-200
6.5
2017-04-11 CVE-2016-5011 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
low complexity
kernel redhat ibm
4.6
2017-04-05 CVE-2017-1180 Unspecified vulnerability in IBM Tririga Application Platform
The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to.
network
high complexity
ibm
5.3
2017-04-05 CVE-2016-3031 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-04-05 CVE-2016-3015 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-03-31 CVE-2017-1171 Unspecified vulnerability in IBM Tririga Application Platform
The IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to.
network
low complexity
ibm
4.3
2017-03-31 CVE-2017-1154 Information Exposure vulnerability in IBM Algo ONE 4.9.1/5.0.0/5.1.0
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users.
network
low complexity
ibm CWE-200
6.5