Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-01-27 CVE-2016-0209 Cross-site Scripting vulnerability in IBM Websphere Portal 8.5.0.0
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2016-01-27 CVE-2015-7487 Information Exposure vulnerability in IBM products
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.
local
low complexity
ibm CWE-200
4.9
2016-01-27 CVE-2015-7439 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA4WS) 8.5 through 9.5, and Rational Software Architect RealTime (RSART) 8.5 through 9.5, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2016-01-20 CVE-2015-4951 Improper Input Validation vulnerability in IBM Tivoli Storage Manager
Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL.
network
low complexity
ibm CWE-20
5.0
2016-01-18 CVE-2016-0201 Information Exposure vulnerability in IBM Security Network Protection Firmware 5.3.1/5.3.2
GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision.
network
ibm CWE-200
4.3
2016-01-18 CVE-2015-5008 Cross-site Scripting vulnerability in IBM Websphere Commerce
Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2016-01-18 CVE-2015-5002 Cross-site Scripting vulnerability in IBM Host On-Demand
Cross-site scripting (XSS) vulnerability in IBM Host On-Demand 11.0 through 11.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2016-01-18 CVE-2015-4959 Cross-site Scripting vulnerability in IBM Tivoli Federated Identity Manager 6.2.2
Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2016-01-18 CVE-2015-4942 Resource Management Errors vulnerability in IBM Websphere MQ Light 1.0/1.0.0.1
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4943.
network
low complexity
ibm CWE-399
5.0
2016-01-17 CVE-2015-7470 Information Exposure vulnerability in IBM Jazz Reporting Service
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors, as demonstrated by login information.
network
low complexity
ibm CWE-200
5.0