Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-6039 Cross-site Scripting vulnerability in IBM Jazz Reporting Service 6.0/6.0.1/6.0.2
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-6034 Information Exposure vulnerability in IBM Tivoli Storage Manager for Virtual Environments Data Protection for VMWare
IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges.
network
low complexity
ibm CWE-200
6.8
2017-02-01 CVE-2016-6030 Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management
IBM Jazz Foundation is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-6028 Permissions, Privileges, and Access Controls vulnerability in IBM Rational Collaborative Lifecycle Management
IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view.
network
low complexity
ibm CWE-264
4.3
2017-02-01 CVE-2016-6020 Open Redirect vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
6.1
2017-02-01 CVE-2016-6000 Cross-site Scripting vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-02-01 CVE-2016-5994 Information Exposure vulnerability in IBM Infosphere Information Server 11.5
IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents.
network
low complexity
ibm CWE-200
6.5
2017-02-01 CVE-2016-5990 Improper Access Control vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1
IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server.
network
low complexity
ibm CWE-284
6.3
2017-02-01 CVE-2016-5988 Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1
IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user.
network
low complexity
ibm CWE-200
6.5
2017-02-01 CVE-2016-5984 Cross-site Scripting vulnerability in IBM products
IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection.
network
low complexity
ibm CWE-79
6.1