Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-02 | CVE-2015-4989 | Information Exposure vulnerability in IBM Tealeaf Customer Experience The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary charts by specifying an internal chart name. | 5.0 |
| 2016-01-01 | CVE-2015-7456 | Information Exposure vulnerability in IBM Spectrum Scale IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors. | 4.0 |
| 2016-01-01 | CVE-2015-7421 | Information Exposure vulnerability in IBM MQ Appliance M2000 8.0.0.3 Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420. | 5.0 |
| 2016-01-01 | CVE-2015-7420 | Information Exposure vulnerability in IBM MQ Appliance M2000 8.0.0.3 Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421. | 5.0 |
| 2016-01-01 | CVE-2015-7410 | Code vulnerability in IBM Sterling B2B Integrator 5.2 The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. | 5.8 |
| 2016-01-01 | CVE-2015-5049 | SQL Injection vulnerability in IBM Openpages GRC Platform SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
| 2016-01-01 | CVE-2015-4943 | Code vulnerability in IBM Websphere MQ Light 1.0/1.0.0.1 IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4942. | 5.0 |
| 2016-01-01 | CVE-2015-4941 | Code vulnerability in IBM Websphere MQ Light 1.0/1.0.0.1 IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors. | 5.0 |
| 2016-01-01 | CVE-2015-7441 | Code vulnerability in IBM Business Process Manager and Websphere Process Server Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | 4.9 |
| 2015-12-31 | CVE-2015-1947 | Local Privilege Escalation vulnerability in IBM Infosphere BigInsights Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program. local ibm | 6.9 |