Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-11-30 CVE-2016-2931 Information Exposure vulnerability in IBM Bigfix Remote Control 9.1.2
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
network / low complexity / ibm CWE-200 / 5.0

2016-11-25 CVE-2016-2929 Improper Access Control vulnerability in IBM Bigfix Remote Control 9.1.2
IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach.
network / ibm CWE-284 / 4.3

2016-11-25 CVE-2016-2928 Information Exposure Through Log Files vulnerability in IBM Bigfix Remote Control 9.1.2
IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs.
network / low complexity / ibm CWE-532 / 4.0

2016-11-25 CVE-2016-2927 Information Exposure vulnerability in IBM Bigfix Remote Control 9.1.2
IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.
network / ibm CWE-200 / 4.3

2016-11-25 CVE-2016-0319 Improper Access Control vulnerability in IBM Jazz Reporting Service 6.0/6.0.1
The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network / low complexity / ibm CWE-284 / 5.0

2016-11-25 CVE-2016-0318 Improper Access Control vulnerability in IBM Jazz Reporting Service 6.0/6.0.1
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation.
network / ibm CWE-284 / 6.0

2016-11-25 CVE-2016-0317 Improper Access Control vulnerability in IBM Jazz Reporting Service 6.0/6.0.1
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
network / ibm CWE-284 / 4.3

2016-11-25 CVE-2016-5991 Permissions, Privileges, and Access Controls vulnerability in IBM Sterling Connect:Direct
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.
local / ibm CWE-264 / 4.4

2016-11-25 CVE-2016-5968 Server-Side Request Forgery (SSRF) vulnerability in IBM Tealeaf Customer Experience
The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors.
network / low complexity / ibm CWE-918 / 5.0

2016-11-25 CVE-2016-3025 7PK - Security Features vulnerability in IBM products
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.
network / low complexity / ibm CWE-254 / 5.0