Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-6117 Information Exposure vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information.
network
low complexity
ibm CWE-200
5.3
2017-02-01 CVE-2016-0371 Unspecified vulnerability in IBM Tivoli Storage Manager
The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.
local
low complexity
ibm
5.5
2017-02-01 CVE-2016-9731 Cross-site Scripting vulnerability in IBM Business Process Manager 8.5.7.0
IBM Business Process Manager is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-8981 Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-200
5.5
2017-02-01 CVE-2016-8966 Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-200
5.9
2017-02-01 CVE-2016-8961 Open Redirect vulnerability in IBM Bigfix Inventory and License Metric Tool
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
6.1
2017-02-01 CVE-2016-8943 Cross-site Scripting vulnerability in IBM products
IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-8936 Cross-site Scripting vulnerability in IBM Social Rendering Templates for Digital Data Connector 1.0
IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-02-01 CVE-2016-8934 Cross-site Scripting vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-8922 Cross-site Scripting vulnerability in IBM products
Exphox WebRadar is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1