Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-12 CVE-2016-5954 Improper Access Control vulnerability in IBM Websphere Portal
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files.
network
low complexity
ibm CWE-284
4.0
2016-09-02 CVE-2016-5879 Improper Input Validation vulnerability in IBM MQ Appliance Firmware 8.0
MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command.
local
low complexity
ibm CWE-20
4.6
2016-09-01 CVE-2016-0293 Cross-site Scripting vulnerability in IBM Bigfix Platform
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file.
network
ibm CWE-79
4.3
2016-08-30 CVE-2016-0397 Information Exposure vulnerability in IBM Bigfix Webreports
WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
network
ibm CWE-200
4.3
2016-08-08 CVE-2016-5878 Open Redirect vulnerability in IBM Filenet Workplace
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
ibm CWE-601
4.9
2016-08-08 CVE-2016-2989 Improper Access Control vulnerability in IBM Connections Portlets 5.0
Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
ibm CWE-284
5.8
2016-08-08 CVE-2016-2960 Improper Access Control vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.
network
ibm CWE-284
4.3
2016-08-08 CVE-2016-2914 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Rational Publishing Engine 2.0.1
Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension.
network
low complexity
ibm CWE-434
5.5
2016-08-08 CVE-2016-0361 Information Disclosure vulnerability in IBM Spectrum Scale
IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Linux, UNIX and Windows, allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by discovering ADMIN passwords.
network
low complexity
ibm
4.0
2016-08-08 CVE-2016-0281 Improper Input Validation vulnerability in IBM AIX and Vios
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.
network
ibm CWE-20
4.3