Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-07-02 CVE-2016-2868 XML External Entity Information Disclosure vulnerability in IBM QRadar SIEM
IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm
4.0
2016-07-02 CVE-2016-2867 7PK - Security Features vulnerability in IBM Infosphere Streams and Streams
IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors.
local
ibm CWE-254
6.9
2016-07-02 CVE-2016-2861 Information Exposure vulnerability in IBM Websphere Extreme Scale
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
network
ibm CWE-200
4.3
2016-07-02 CVE-2016-0400 HTTP Response Splitting vulnerability in IBM WebSphere eXtreme Scale
CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
network
ibm
4.3
2016-07-02 CVE-2016-0398 Improper Input Validation vulnerability in IBM Cognos Analytics 11.0.0
IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL.
network
ibm CWE-20
4.3
2016-07-02 CVE-2016-0386 Cross-Site Request Forgery (CSRF) vulnerability in IBM Tririga Application Platform
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees.
network
ibm CWE-352
6.0
2016-07-01 CVE-2016-0374 Permissions, Privileges, and Access Controls vulnerability in IBM Tririga Application Platform
The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors.
network
low complexity
ibm CWE-264
6.5
2016-07-01 CVE-2016-0365 Information Exposure vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors.
network
ibm CWE-200
4.3
2016-07-01 CVE-2016-0364 Information Exposure vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters.
network
low complexity
ibm CWE-200
4.0
2016-07-01 CVE-2016-0362 Security Bypass vulnerability in IBM TRIRIGA Application Platform
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet or Internet hosts, via a crafted proxy request to a web service.
network
low complexity
ibm
4.0