Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-5941 Path Traversal vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
5.7
2017-02-01 CVE-2016-5940 Cross-site Scripting vulnerability in IBM Kenexa LMS
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-5881 Cross-site Scripting vulnerability in IBM Inotes
IBM iNotes is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-02-01 CVE-2016-2992 Cross-site Scripting vulnerability in IBM Biginsights 4.2
IBM Infosphere BigInsights is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-2941 Information Exposure vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user.
local
low complexity
ibm CWE-200
5.5
2017-02-01 CVE-2016-2924 Cross-site Scripting vulnerability in IBM Biginsights 4.2
IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-0320 Improper Access Control vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects.
network
low complexity
ibm CWE-284
4.3
2017-02-01 CVE-2016-0218 Cross-site Scripting vulnerability in IBM Cognos Business Intelligence
IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-0217 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-8967 Credentials Management vulnerability in IBM Bigfix Inventory and License Metric Tool
IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.
local
low complexity
ibm CWE-255
5.5