Vulnerabilities > IBM > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-02-01 | CVE-2016-3022 | Permission Issues vulnerability in IBM products | IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. | network | low complexity | ibm | CWE-275 | 6.5 |
| 2017-02-01 | CVE-2016-3018 | Cross-site Scripting vulnerability in IBM products | IBM Security Access Manager for Web is vulnerable to cross-site scripting. | network | low complexity | ibm | CWE-79 | 6.1 |
| 2017-02-01 | CVE-2016-3016 | Insufficient Verification of Data Authenticity vulnerability in IBM products | IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code. | network | high complexity | ibm | CWE-345 | 4.4 |
| 2017-02-01 | CVE-2016-2987 | Information Exposure vulnerability in IBM products | An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. | network | low complexity | ibm | CWE-200 | 4.3 |
| 2017-02-01 | CVE-2016-2939 | Cross-site Scripting vulnerability in IBM Domino and iNotes | IBM iNotes is vulnerable to cross-site scripting. | network | low complexity | ibm | CWE-79 | 6.1 |
| 2017-02-01 | CVE-2016-2938 | Cross-site Scripting vulnerability in IBM Domino and iNotes | IBM iNotes is vulnerable to cross-site scripting. | network | low complexity | ibm | CWE-79 | 6.1 |
| 2017-02-01 | CVE-2016-0265 | Cross-site Scripting vulnerability in IBM Campaign | IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. | network | low complexity | ibm | CWE-79 | 5.4 |
| 2016-12-01 | CVE-2016-3047 | Open Redirect vulnerability in IBM FileNet Workplace 4.0.2 | Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | network | low complexity | ibm | CWE-601 | 6.8 |
| 2016-12-01 | CVE-2016-3044 | Improper Access Control vulnerability in IBM PowerKVM | The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors. | local | low complexity | ibm | CWE-284 | 6.5 |
| 2016-12-01 | CVE-2016-2994 | Cross-site Scripting vulnerability in IBM UrbanCode Deploy | Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | network | low complexity | ibm | CWE-79 | 5.4 |