Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-5980 Cross-site Scripting vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-5966 Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1
IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-200
5.9
2017-02-01 CVE-2016-5951 Cross-site Scripting vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-5950 Credentials Management vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user.
network
low complexity
ibm CWE-255
6.5
2017-02-01 CVE-2016-5949 7PK - Security Features vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request.
network
low complexity
ibm CWE-254
4.3
2017-02-01 CVE-2016-5948 Cross-site Scripting vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-5939 SQL Injection vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.3
2017-02-01 CVE-2016-5899 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-5898 7PK - Security Features vulnerability in IBM Jazz Reporting Service
IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization.
network
low complexity
ibm CWE-254
4.3
2017-02-01 CVE-2016-5897 Cross-site Scripting vulnerability in IBM Jazz Reporting Service 6.0/6.0.1/6.0.2
IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
5.4