Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-01-02 CVE-2015-4989 Information Exposure vulnerability in IBM Tealeaf Customer Experience
The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary charts by specifying an internal chart name.
network
low complexity
ibm CWE-200
5.0
2016-01-01 CVE-2015-7456 Information Exposure vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors.
network
low complexity
ibm CWE-200
4.0
2016-01-01 CVE-2015-7421 Information Exposure vulnerability in IBM MQ Appliance M2000 8.0.0.3
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420.
network
low complexity
ibm CWE-200
5.0
2016-01-01 CVE-2015-7420 Information Exposure vulnerability in IBM MQ Appliance M2000 8.0.0.3
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421.
network
low complexity
ibm CWE-200
5.0
2016-01-01 CVE-2015-7410 Code vulnerability in IBM Sterling B2B Integrator 5.2
The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.
network
ibm CWE-17
5.8
2016-01-01 CVE-2015-5049 SQL Injection vulnerability in IBM Openpages GRC Platform
SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5
2016-01-01 CVE-2015-4943 Code vulnerability in IBM Websphere MQ Light 1.0/1.0.0.1
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4942.
network
low complexity
ibm CWE-17
5.0
2016-01-01 CVE-2015-4941 Code vulnerability in IBM Websphere MQ Light 1.0/1.0.0.1
IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors.
network
low complexity
ibm CWE-17
5.0
2016-01-01 CVE-2015-7441 Code vulnerability in IBM Business Process Manager and Websphere Process Server
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
network
ibm CWE-17
4.9
2015-12-31 CVE-2015-1947 Local Privilege Escalation vulnerability in IBM Infosphere BigInsights
Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program.
local
ibm
6.9