Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-02-29 CVE-2016-0245 Portal XML External Entity Denial of Service vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0
The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm
5.5
2016-02-29 CVE-2016-0244 Cross-site Scripting vulnerability in IBM Websphere Portal
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243.
network
ibm CWE-79
4.3
2016-02-29 CVE-2016-0243 Cross-site Scripting vulnerability in IBM Websphere Portal
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0244.
network
ibm CWE-79
4.3
2016-02-29 CVE-2016-0225 Improper Access Control vulnerability in IBM Websphere Commerce
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-284
4.0
2016-02-29 CVE-2015-8524 Cross-site Scripting vulnerability in IBM Business Process Manager
Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2016-02-29 CVE-2015-7457 Cross-site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2016-02-29 CVE-2015-7455 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal
IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI.
network
low complexity
ibm CWE-264
4.0
2016-02-29 CVE-2015-7428 Open Redirection vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0
Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
network
ibm
5.8
2016-02-15 CVE-2016-0232 Information Exposure vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files.
network
low complexity
ibm CWE-200
4.0
2016-02-15 CVE-2016-0231 Information Exposure vulnerability in IBM Financial Transaction Manager 3.0.0.0
IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading exception details in error logs.
network
low complexity
ibm CWE-200
4.0