Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-9704 Cross-site Scripting vulnerability in IBM Security Identity Manager Virtual Appliance
IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-02-01 CVE-2016-9000 Cross-site Scripting vulnerability in IBM products
IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection.
network
low complexity
ibm CWE-79
6.1
2017-02-01 CVE-2016-8999 Cross-site Scripting vulnerability in IBM products
IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-8982 Information Exposure vulnerability in IBM Infosphere Datastage 11.3/8.7/9.1
IBM InfoSphere Information Server stores sensitive information in URL parameters.
network
low complexity
ibm CWE-200
5.3
2017-02-01 CVE-2016-8977 Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests.
network
low complexity
ibm CWE-200
5.3
2017-02-01 CVE-2016-8963 Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.
local
low complexity
ibm CWE-200
5.5
2017-02-01 CVE-2016-8933 Path Traversal vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
6.5
2017-02-01 CVE-2016-8929 SQL Injection vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
5.4
2017-02-01 CVE-2016-6110 Credentials Management vulnerability in IBM Tivoli Storage Manager
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
local
low complexity
ibm CWE-255
6.5
2017-02-01 CVE-2016-5942 Cross-site Scripting vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4