Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-9704 | Cross-site Scripting vulnerability in IBM Security Identity Manager Virtual Appliance IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. | 6.1 |
| 2017-02-01 | CVE-2016-9000 | Cross-site Scripting vulnerability in IBM products IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. | 6.1 |
| 2017-02-01 | CVE-2016-8999 | Cross-site Scripting vulnerability in IBM products IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS. | 5.4 |
| 2017-02-01 | CVE-2016-8982 | Information Exposure vulnerability in IBM Infosphere Datastage 11.3/8.7/9.1 IBM InfoSphere Information Server stores sensitive information in URL parameters. | 5.3 |
| 2017-02-01 | CVE-2016-8977 | Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. | 5.3 |
| 2017-02-01 | CVE-2016-8963 | Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. | 5.5 |
| 2017-02-01 | CVE-2016-8933 | Path Traversal vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. | 6.5 |
| 2017-02-01 | CVE-2016-8929 | SQL Injection vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud is vulnerable to SQL injection. | 5.4 |
| 2017-02-01 | CVE-2016-6110 | Credentials Management vulnerability in IBM Tivoli Storage Manager IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. | 6.5 |
| 2017-02-01 | CVE-2016-5942 | Cross-site Scripting vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. | 5.4 |