Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-8929 | SQL Injection vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud is vulnerable to SQL injection. | 5.4 |
| 2017-02-01 | CVE-2016-6110 | Credentials Management vulnerability in IBM Tivoli Storage Manager IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. | 6.5 |
| 2017-02-01 | CVE-2016-5942 | Cross-site Scripting vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. | 5.4 |
| 2017-02-01 | CVE-2016-5941 | Path Traversal vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. | 5.7 |
| 2017-02-01 | CVE-2016-5940 | Cross-site Scripting vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. | 5.4 |
| 2017-02-01 | CVE-2016-5881 | Cross-site Scripting vulnerability in IBM Inotes IBM iNotes is vulnerable to cross-site scripting. | 6.1 |
| 2017-02-01 | CVE-2016-2992 | Cross-site Scripting vulnerability in IBM Biginsights 4.2 IBM Infosphere BigInsights is vulnerable to cross-site scripting. | 5.4 |
| 2017-02-01 | CVE-2016-2941 | Information Exposure vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user. | 5.5 |
| 2017-02-01 | CVE-2016-2924 | Cross-site Scripting vulnerability in IBM Biginsights 4.2 IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. | 5.4 |
| 2017-02-01 | CVE-2016-0320 | Improper Access Control vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. | 4.3 |