Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-8920 Cross-site Scripting vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-8918 Credentials Management vulnerability in IBM Integration BUS 10.0
IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.
network
high complexity
ibm CWE-255
5.9
2017-02-01 CVE-2016-8913 Path Traversal vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
6.5
2017-02-01 CVE-2016-8912 Information Exposure Through Log Files vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.
network
low complexity
ibm CWE-532
4.3
2017-02-01 CVE-2016-8911 7PK - Security Features vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-254
5.4
2017-02-01 CVE-2016-6126 Path Traversal vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
6.5
2017-02-01 CVE-2016-6125 Cross-site Scripting vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-6123 Cross-site Scripting vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-6122 Information Exposure vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.
network
low complexity
ibm CWE-200
4.3
2017-02-01 CVE-2016-6113 Cross-site Scripting vulnerability in IBM Domino and Inotes
IBM Verse is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1