Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-5896 Information Exposure vulnerability in IBM products
IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.
network
low complexity
ibm CWE-200
5.3
2017-02-01 CVE-2016-5884 Cross-site Scripting vulnerability in IBM Domino and Inotes
IBM iNotes is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-02-01 CVE-2016-5882 Cross-site Scripting vulnerability in IBM Domino and Inotes
IBM iNotes is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-02-01 CVE-2016-5880 Cross-site Scripting vulnerability in IBM Domino and Inotes
IBM iNotes is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-3043 Information Exposure vulnerability in IBM products
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-200
5.9
2017-02-01 CVE-2016-3035 Information Exposure vulnerability in IBM Security Appscan Source 9.0.1/9.0.2/9.0.3
IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server.
network
low complexity
ibm CWE-200
5.3
2017-02-01 CVE-2016-3034 Inadequate Encryption Strength vulnerability in IBM Security Appscan Source 9.0.1/9.0.2/9.0.3
IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.
local
low complexity
ibm CWE-326
4.4
2017-02-01 CVE-2016-3027 XXE vulnerability in IBM products
IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
6.5
2017-02-01 CVE-2016-3024 Information Exposure vulnerability in IBM products
IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-200
4.0
2017-02-01 CVE-2016-3023 Information Exposure vulnerability in IBM products
IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names.
network
low complexity
ibm CWE-200
5.3