Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-20 | CVE-2017-1155 | Information Exposure vulnerability in IBM Algo ONE 4.9.1/5.0.0/5.1.0 IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. | 4.3 |
| 2017-03-20 | CVE-2017-1146 | Cross-site Scripting vulnerability in IBM Content Navigator 2.0.3/3.0.0 IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. | 5.4 |
| 2017-03-20 | CVE-2016-9696 | Cross-site Scripting vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. | 5.4 |
| 2017-03-20 | CVE-2016-9694 | Cross-site Scripting vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-03-20 | CVE-2016-8973 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. | 4.3 |
| 2017-03-20 | CVE-2016-2981 | Information Exposure vulnerability in IBM Rational Collaborative Lifecycle Management An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. | 6.8 |
| 2017-03-08 | CVE-2016-9985 | Information Exposure Through Log Files vulnerability in IBM Cognos Business Intelligence 10.1.1/10.2 IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. | 5.5 |
| 2017-03-08 | CVE-2016-9006 | Cross-site Scripting vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. | 5.4 |
| 2017-03-08 | CVE-2016-5933 | 7PK - Security Features vulnerability in IBM Tivoli Monitoring IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. | 4.6 |
| 2017-03-08 | CVE-2016-5894 | Information Exposure vulnerability in IBM Websphere Commerce IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. | 5.1 |