Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-10-29 CVE-2016-3060 Improper Access Control vulnerability in IBM Financial Transaction Manager
Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
network
low complexity
ibm CWE-284
5.7
2016-10-22 CVE-2016-0377 Information Exposure vulnerability in IBM Websphere Application Server
The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-200
4.3
2016-10-22 CVE-2016-0246 Cross-site Scripting vulnerability in IBM Security Guardium
Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
6.1
2016-10-22 CVE-2016-0242 Information Exposure vulnerability in IBM Security Guardium 10.0/10.01/10.1
IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message.
network
low complexity
ibm CWE-200
4.3
2016-10-16 CVE-2016-0204 Open Redirect vulnerability in IBM Cloud Orchestrator 2.4.0.0/2.4.0.1/2.4.0.2
Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
low complexity
ibm CWE-601
6.8
2016-10-14 CVE-2016-3056 Cross-site Scripting vulnerability in IBM Business Process Manager
Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content.
network
low complexity
ibm CWE-79
5.4
2016-10-06 CVE-2016-6027 Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.
network
low complexity
ibm CWE-79
6.1
2016-10-06 CVE-2016-6026 Information Exposure vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.
high complexity
ibm CWE-200
5.3
2016-10-06 CVE-2016-6025 Permissions, Privileges, and Access Controls vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL.
local
low complexity
ibm CWE-264
5.9
2016-10-05 CVE-2016-5901 Cross-site Scripting vulnerability in IBM Business Process Manager
Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4