Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-10-22 CVE-2016-0326 Command Injection vulnerability in IBM products
IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."
network
low complexity
ibm CWE-77
6.5
2016-10-22 CVE-2016-0246 Cross-site Scripting vulnerability in IBM Security Guardium
Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2016-10-22 CVE-2016-0242 Information Exposure vulnerability in IBM Security Guardium 10.0/10.01/10.1
IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message.
network
low complexity
ibm CWE-200
4.0
2016-10-22 CVE-2016-0241 Improper Access Control vulnerability in IBM Security Guardium Database Activity Monitor
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP.
network
low complexity
ibm CWE-284
6.5
2016-10-22 CVE-2016-0240 7PK - Security Features vulnerability in IBM Security Guardium Database Activity Monitor
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.
network
ibm CWE-254
4.3
2016-10-22 CVE-2016-0239 Permissions, Privileges, and Access Controls vulnerability in IBM Security Guardium Database Activity Monitor
IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors.
network
low complexity
ibm CWE-264
6.5
2016-10-16 CVE-2016-0204 Open Redirect vulnerability in IBM Cloud Orchestrator 2.4.0.0/2.4.0.1/2.4.0.2
Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
ibm CWE-601
5.8
2016-10-06 CVE-2016-6027 Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.
network
ibm CWE-79
5.8
2016-10-06 CVE-2016-6025 Permissions, Privileges, and Access Controls vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL.
local
low complexity
ibm CWE-264
4.6
2016-10-06 CVE-2016-6023 Path Traversal vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0
Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL.
network
low complexity
ibm CWE-22
5.0