Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-12-01 CVE-2016-2991 Cross-site Scripting vulnerability in IBM Lotus Protector for Mail Security 2.8/2.8.1
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Protector for Mail Security 2.8.0.0 through 2.8.1.0 before 2.8.1.0-22115 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
2016-12-01 CVE-2016-2955 Cross-site Scripting vulnerability in IBM Connections 5.0.0.0/5.5.0.0
Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
2016-11-30 CVE-2016-2881 7PK - Security Features vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request parameters.
network
low complexity
ibm CWE-254
6.5
2016-11-30 CVE-2016-2869 Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager
Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML via crafted fields in a URL.
network
low complexity
ibm CWE-79
5.4
2016-11-30 CVE-2016-5987 Improper Input Validation vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message.
network
low complexity
ibm CWE-20
5.3
2016-11-30 CVE-2016-5905 Cross-site Scripting vulnerability in IBM Maximo Asset Management
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
2016-11-30 CVE-2016-5890 Credentials Management vulnerability in IBM Sterling B2B Integrator 5.2
IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors.
network
high complexity
ibm CWE-255
5.3
2016-11-30 CVE-2016-3057 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator 5.2
Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
6.1
2016-11-30 CVE-2016-3014 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
2016-11-30 CVE-2016-3004 Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections 4.0.0.0/4.5.0.0/5.0.0.0
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications.
network
low complexity
ibm CWE-352
4.6