Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-06-26 CVE-2016-0277 Improper Access Control vulnerability in IBM Domino
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301.
network
ibm CWE-284
6.8
2016-06-26 CVE-2016-2901 Cross-Site Request Forgery (CSRF) vulnerability in IBM web Content Manager and Websphere Portal
Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.8
2016-06-19 CVE-2016-0392 Improper Access Control vulnerability in IBM products
IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program.
local
low complexity
ibm CWE-284
4.6
2016-06-06 CVE-2015-5041 Information Exposure vulnerability in multiple products
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
network
low complexity
ibm suse redhat CWE-200
6.4
2016-06-01 CVE-2016-0288 XML External Entity Information Disclosure vulnerability in IBM Security AppScan
IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm
4.0
2016-05-24 CVE-2016-0264 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
6.8
2016-05-17 CVE-2016-0323 Improper Access Control vulnerability in IBM Bluemix
The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors.
network
low complexity
ibm CWE-284
4.0
2016-05-17 CVE-2016-0306 Information Exposure vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
network
ibm CWE-200
4.3
2016-05-15 CVE-2016-0381 Improper Input Validation vulnerability in IBM Cognos TM1
IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGroups setting is empty, allows remote authenticated users to cause a denial of service (configuration outage) via a non-empty value.
network
low complexity
ibm CWE-20
4.0
2016-05-15 CVE-2016-0341 Information Exposure vulnerability in IBM products
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
ibm CWE-200
5.0