Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-01-17 CVE-2015-7469 Permissions, Privileges, and Access Controls vulnerability in IBM Jazz Reporting Service
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only restrictions by leveraging a JazzGuest role.
network
low complexity
ibm CWE-264
4.0
2016-01-17 CVE-2015-7468 Permissions, Privileges, and Access Controls vulnerability in IBM Jazz Reporting Service
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors.
network
low complexity
ibm CWE-264
4.0
2016-01-15 CVE-2015-5007 Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Commerce
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.8
2016-01-11 CVE-2015-7399 Information Exposure vulnerability in IBM Integration BUS and Websphere Message Broker
IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTTP server via unspecified vectors.
network
low complexity
ibm CWE-200
5.0
2016-01-10 CVE-2015-7466 Injection vulnerability in IBM Jazz Reporting Service 6.0
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors.
network
low complexity
ibm CWE-74
4.0
2016-01-10 CVE-2015-7465 Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz Reporting Service 6.0
Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.8
2016-01-10 CVE-2015-7397 Open Redirection vulnerability in IBM Websphere Commerce 7.0
Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter.
network
ibm
5.8
2016-01-03 CVE-2015-5051 Permissions, Privileges, and Access Controls vulnerability in IBM products
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.
network
low complexity
ibm CWE-264
4.0
2016-01-03 CVE-2015-5037 Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections
Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.8
2016-01-03 CVE-2015-5023 SQL Injection vulnerability in IBM Curam Social Program Management
SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5