Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-20 CVE-2017-1155 Information Exposure vulnerability in IBM Algo ONE 4.9.1/5.0.0/5.1.0
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request.
network
low complexity
ibm CWE-200
4.3
2017-03-20 CVE-2017-1146 Cross-site Scripting vulnerability in IBM Content Navigator 2.0.3/3.0.0
IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-03-20 CVE-2016-9696 Cross-site Scripting vulnerability in IBM Rational Rhapsody Design Manager
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
5.4
2017-03-20 CVE-2016-9694 Cross-site Scripting vulnerability in IBM Rational Rhapsody Design Manager
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-03-20 CVE-2016-8973 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Rational Rhapsody Design Manager
IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server.
network
low complexity
ibm CWE-434
4.3
2017-03-20 CVE-2016-2981 Information Exposure vulnerability in IBM Rational Collaborative Lifecycle Management
An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials.
low complexity
ibm CWE-200
6.8
2017-03-08 CVE-2016-9985 Information Exposure Through Log Files vulnerability in IBM Cognos Business Intelligence 10.1.1/10.2
IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user.
local
low complexity
ibm CWE-532
5.5
2017-03-08 CVE-2016-9006 Cross-site Scripting vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-03-08 CVE-2016-5933 7PK - Security Features vulnerability in IBM Tivoli Monitoring
IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass.
network
low complexity
ibm CWE-254
4.6
2017-03-08 CVE-2016-5894 Information Exposure vulnerability in IBM Websphere Commerce
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability.
local
high complexity
ibm CWE-200
5.1