Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-06-30 | CVE-2016-0349 | Improper Access Control vulnerability in IBM Business Process Manager 8.5.6.0/8.5.7.0 IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call. | 4.0 |
2016-06-29 | CVE-2016-0304 | Improper Access Control vulnerability in IBM Domino The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J. | 6.8 |
2016-06-29 | CVE-2016-0298 | Information Exposure vulnerability in IBM Security Guardium Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL. | 4.0 |
2016-06-29 | CVE-2016-0267 | Information Exposure vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the server UI or (2) a database request. | 4.0 |
2016-06-29 | CVE-2016-0260 | Resource Management Errors vulnerability in IBM Websphere MQ Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors. | 5.0 |
2016-06-28 | CVE-2016-0233 | SQL Injection vulnerability in IBM Marketing Platform SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2016-06-28 | CVE-2016-0229 | Cross-site Scripting vulnerability in IBM Marketing Platform Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2016-06-26 | CVE-2016-0301 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279. | 6.8 |
2016-06-26 | CVE-2016-0279 | Improper Access Control vulnerability in IBM Domino Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301. | 6.8 |
2016-06-26 | CVE-2016-0278 | Improper Access Control vulnerability in IBM Domino Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301. | 6.8 |