Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-06-30 CVE-2016-0349 Improper Access Control vulnerability in IBM Business Process Manager 8.5.6.0/8.5.7.0
IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call.
network
low complexity
ibm CWE-284
4.0
2016-06-29 CVE-2016-0304 Improper Access Control vulnerability in IBM Domino
The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J.
network
ibm CWE-284
6.8
2016-06-29 CVE-2016-0298 Information Exposure vulnerability in IBM Security Guardium
Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL.
network
low complexity
ibm CWE-200
4.0
2016-06-29 CVE-2016-0267 Information Exposure vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the server UI or (2) a database request.
network
low complexity
ibm CWE-200
4.0
2016-06-29 CVE-2016-0260 Resource Management Errors vulnerability in IBM Websphere MQ
Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors.
network
low complexity
ibm CWE-399
5.0
2016-06-28 CVE-2016-0233 SQL Injection vulnerability in IBM Marketing Platform
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5
2016-06-28 CVE-2016-0229 Cross-site Scripting vulnerability in IBM Marketing Platform
Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2016-06-26 CVE-2016-0301 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279.
network
ibm CWE-119
6.8
2016-06-26 CVE-2016-0279 Improper Access Control vulnerability in IBM Domino
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301.
network
ibm CWE-284
6.8
2016-06-26 CVE-2016-0278 Improper Access Control vulnerability in IBM Domino
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301.
network
ibm CWE-284
6.8