Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-07 | CVE-2016-5960 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. | 5.5 |
| 2017-06-07 | CVE-2016-5959 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. | 5.3 |
| 2017-06-07 | CVE-2016-3051 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Access Manager 9.0 Firmware IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. | 4.3 |
| 2017-06-07 | CVE-2016-3019 | Inadequate Encryption Strength vulnerability in IBM Security Access Manager 9.0 Firmware IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 6.5 |
| 2017-06-07 | CVE-2016-0254 | XXE vulnerability in IBM Cognos Business Intelligence IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 6.5 |
| 2017-05-26 | CVE-2017-1325 | Cross-site Scripting vulnerability in IBM Inotes IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. | 6.1 |
| 2017-05-26 | CVE-2017-1292 | Information Exposure vulnerability in IBM products IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. | 5.3 |
| 2017-05-26 | CVE-2017-1291 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. | 5.4 |
| 2017-05-22 | CVE-2017-1320 | Cross-site Scripting vulnerability in IBM Tivoli Federated Identity Manager IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. | 5.4 |
| 2017-05-22 | CVE-2017-1282 | Cross-site Scripting vulnerability in IBM Content Navigator IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. | 5.4 |