Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-10-22 | CVE-2016-0326 | Command Injection vulnerability in IBM products IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request." | 6.5 |
2016-10-22 | CVE-2016-0246 | Cross-site Scripting vulnerability in IBM Security Guardium Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2016-10-22 | CVE-2016-0242 | Information Exposure vulnerability in IBM Security Guardium 10.0/10.01/10.1 IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message. | 4.0 |
2016-10-22 | CVE-2016-0241 | Improper Access Control vulnerability in IBM Security Guardium Database Activity Monitor IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP. | 6.5 |
2016-10-22 | CVE-2016-0240 | 7PK - Security Features vulnerability in IBM Security Guardium Database Activity Monitor IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | 4.3 |
2016-10-22 | CVE-2016-0239 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Guardium Database Activity Monitor IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors. | 6.5 |
2016-10-16 | CVE-2016-0204 | Open Redirect vulnerability in IBM Cloud Orchestrator 2.4.0.0/2.4.0.1/2.4.0.2 Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
2016-10-06 | CVE-2016-6027 | Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0 The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP. | 5.8 |
2016-10-06 | CVE-2016-6025 | Permissions, Privileges, and Access Controls vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0 The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL. | 4.6 |
2016-10-06 | CVE-2016-6023 | Path Traversal vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0 Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL. | 5.0 |