Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-11-25 CVE-2016-2927 Information Exposure vulnerability in IBM Bigfix Remote Control 9.1.2
IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.
network
high complexity
ibm CWE-200
5.9
2016-11-25 CVE-2016-2926 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-11-25 CVE-2016-0318 Improper Access Control vulnerability in IBM Jazz Reporting Service 6.0/6.0.1
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation.
network
high complexity
ibm CWE-284
5.0
2016-11-25 CVE-2016-0317 Improper Access Control vulnerability in IBM Jazz Reporting Service 6.0/6.0.1
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
network
low complexity
ibm CWE-284
6.5
2016-11-25 CVE-2016-0316 Cross-site Scripting vulnerability in IBM Jazz Reporting Service 6.0/6.0.1/6.0.2
Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-11-25 CVE-2016-5991 Permissions, Privileges, and Access Controls vulnerability in IBM Sterling Connect:Direct
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.
local
high complexity
ibm CWE-264
4.5
2016-11-25 CVE-2016-5981 Cross-site Scripting vulnerability in IBM Filenet Workplace and Filenet Workplace XT
Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT through 1.1.5.2-WPXT-LA011 and FileNet Workplace (Application Engine) through 4.0.2.14-P8AE-IF001, when RegExpSecurityFilter and ScriptSecurityFilter are misconfigured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
2016-11-25 CVE-2016-5968 Server-Side Request Forgery (SSRF) vulnerability in IBM Tealeaf Customer Experience
The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors.
network
low complexity
ibm CWE-918
5.3
2016-11-25 CVE-2016-5967 Information Exposure Through Log Files vulnerability in IBM Rational Asset Analyzer
The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs.
local
low complexity
ibm CWE-532
5.5
2016-11-25 CVE-2016-5955 Cross-site Scripting vulnerability in IBM Rational Doors Next Generation 6.0.2
Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4