Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-15 | CVE-2016-6077 | Improper Access Control vulnerability in IBM Cognos Disclosure Management IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. | 5.3 |
| 2017-02-15 | CVE-2016-6060 | Information Exposure vulnerability in IBM products An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. | 4.3 |
| 2017-02-13 | CVE-2017-1121 | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-02-08 | CVE-2016-5918 | Information Exposure vulnerability in IBM Tivoli Storage Manager for Space Management IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed. | 4.7 |
| 2017-02-08 | CVE-2016-5902 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management is vulnerable to cross-site scripting. | 6.1 |
| 2017-02-08 | CVE-2016-5900 | Information Exposure vulnerability in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On 16.1.01 IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. | 5.9 |
| 2017-02-08 | CVE-2016-0310 | Cross-site Scripting vulnerability in IBM Connections IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. | 5.4 |
| 2017-02-08 | CVE-2016-0308 | Improper Access Control vulnerability in IBM Connections IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images. | 4.3 |
| 2017-02-08 | CVE-2016-0307 | Information Exposure vulnerability in IBM Connections IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses. | 4.3 |
| 2017-02-08 | CVE-2016-0305 | Cross-site Scripting vulnerability in IBM Connections IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. | 5.4 |