Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-10-05 CVE-2016-5983 Improper Access Control vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.
network
low complexity
ibm CWE-284
6.5
2016-10-01 CVE-2016-5995 Permissions, Privileges, and Access Controls vulnerability in IBM DB2 and DB2 Connect
Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.
6.9
2016-10-01 CVE-2016-5986 Information Exposure vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-200
5.0
2016-09-26 CVE-2016-6038 Path Traversal vulnerability in IBM AIX 5.3/6.1/7.1
Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.
network
low complexity
ibm CWE-22
4.0
2016-09-26 CVE-2016-5997 Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Tealeaf Customer Experience
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack.
network
low complexity
ibm CWE-640
4.0
2016-09-26 CVE-2016-5996 Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Tealeaf Customer Experience
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not enforce password-length restrictions, which makes it easier for remote attackers to obtain access via a brute-force attack.
network
low complexity
ibm CWE-640
5.0
2016-09-26 CVE-2016-5977 Open Redirect vulnerability in IBM Tealeaf Customer Experience
Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
ibm CWE-601
4.9
2016-09-26 CVE-2016-5972 Improper Access Control vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
network
ibm CWE-284
4.9
2016-09-26 CVE-2016-5971 Information Exposure vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm CWE-200
5.5
2016-09-26 CVE-2016-5970 Path Traversal vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2
Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a ..
network
low complexity
ibm CWE-22
4.0