Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-07 CVE-2017-1133 Cross-site Scripting vulnerability in IBM products
IBM QRadar 7.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-03-07 CVE-2016-9730 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
4.3
2017-03-07 CVE-2016-9729 Improper Authentication vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas.
network
low complexity
ibm CWE-287
6.5
2017-03-07 CVE-2016-9725 Information Exposure vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them.
network
low complexity
ibm CWE-200
5.3
2017-03-07 CVE-2016-9723 Cross-site Scripting vulnerability in IBM products
IBM QRadar 7.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-03-07 CVE-2016-9720 Information Exposure vulnerability in IBM products
IBM QRadar 7.2 discloses sensitive information to unauthorized users.
network
low complexity
ibm CWE-200
5.3
2017-03-07 CVE-2016-9693 Improper Input Validation vulnerability in IBM Business Process Manager
IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks.
local
low complexity
ibm CWE-20
6.1
2017-03-07 CVE-2016-8971 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Websphere MQ
IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations.
network
low complexity
ibm CWE-119
6.5
2017-03-01 CVE-2016-8232 Cross-site Scripting vulnerability in IBM Advanced Management Module Firmware
Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.
network
low complexity
ibm CWE-79
6.1
2017-03-01 CVE-2016-5932 Cross-site Scripting vulnerability in IBM Connections
IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4