Vulnerabilities > IBM > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-02-02 | CVE-2016-6116 | Information Exposure vulnerability in IBM Security Key Lifecycle Manager | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | network | high | ibm | CWE-200 | 5.9 |
| 2017-02-02 | CVE-2016-6099 | Information Exposure vulnerability in IBM Security Key Lifecycle Manager | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. | network | low | ibm | CWE-200 | 5.3 |
| 2017-02-02 | CVE-2016-5935 | Information Exposure vulnerability in IBM Dashboard Application Services Hub 3.1.3 | IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. | network | high | ibm | CWE-200 | 5.9 |
| 2017-02-01 | CVE-2016-9704 | Cross-site Scripting vulnerability in IBM Security Identity Manager Virtual Appliance | IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. | network | low | ibm | CWE-79 | 6.1 |
| 2017-02-01 | CVE-2016-9000 | Cross-site Scripting vulnerability in IBM products | IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. | network | low | ibm | CWE-79 | 6.1 |
| 2017-02-01 | CVE-2016-8999 | Cross-site Scripting vulnerability in IBM products | IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS. | network | low | ibm | CWE-79 | 5.4 |
| 2017-02-01 | CVE-2016-8982 | Information Exposure vulnerability in IBM InfoSphere DataStage 11.3/8.7/9.1 | IBM InfoSphere Information Server stores sensitive information in URL parameters. | network | low | ibm | CWE-200 | 5.3 |
| 2017-02-01 | CVE-2016-8977 | Information Exposure vulnerability in IBM BigFix Inventory and License Metric Tool | IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. | network | low | ibm | CWE-200 | 5.3 |
| 2017-02-01 | CVE-2016-8963 | Information Exposure vulnerability in IBM BigFix Inventory and License Metric Tool | IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. | local | low | ibm | CWE-200 | 5.5 |
| 2017-02-01 | CVE-2016-8933 | Path Traversal vulnerability in IBM Kenexa LMS | IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. | network | low | ibm | CWE-22 | 6.5 |