Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-04-21 CVE-2016-0640 Remote Security vulnerability in Oracle MySQL
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.
4.9
2016-04-05 CVE-2016-0289 Improper Access Control vulnerability in IBM Maximo Asset Management
shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors.
network
low complexity
ibm CWE-284
4.0
2016-04-05 CVE-2015-8523 Improper Access Control vulnerability in IBM Tivoli Storage Manager Fastback
The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port.
network
low complexity
ibm CWE-284
5.0
2016-03-28 CVE-2016-0226 Improper Access Control vulnerability in IBM Informix Dynamic Server 11.70.Xcn
The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.
6.9
2016-03-21 CVE-2015-7454 Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager and Websphere Process Server
Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.
network
low complexity
ibm CWE-264
4.0
2016-03-19 CVE-2016-0283 Cross-site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2016-03-14 CVE-2016-0222 Improper Access Control vulnerability in IBM products
IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.
network
low complexity
ibm CWE-284
4.0
2016-03-14 CVE-2016-0208 Improper Access Control vulnerability in IBM Websphere Commerce
IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors.
network
ibm CWE-284
4.3
2016-03-12 CVE-2015-7448 SQL Injection vulnerability in IBM products
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5
2016-03-12 CVE-2015-7446 Cross-Site Request Forgery (CSRF) vulnerability in IBM Flashsystem V9000 Firmware 7.4/7.5/7.6
Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.8