Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-10-05 CVE-2016-5892 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
5.4
2016-10-01 CVE-2016-3042 Cross-site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.
network
low complexity
ibm CWE-79
5.4
5.4
2016-09-26 CVE-2016-6038 Path Traversal vulnerability in IBM AIX 5.3/6.1/7.1
Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.
network
low complexity
ibm CWE-22
6.5
6.5
2016-09-26 CVE-2016-5997 Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Tealeaf Customer Experience
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack.
network
low complexity
ibm CWE-640
6.5
6.5
2016-09-26 CVE-2016-5978 Cross-site Scripting vulnerability in IBM Tealeaf Customer Experience
Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5975.
network
low complexity
ibm CWE-79
5.4
5.4
2016-09-26 CVE-2016-5977 Open Redirect vulnerability in IBM Tealeaf Customer Experience
Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
low complexity
ibm CWE-601
6.8
6.8
2016-09-26 CVE-2016-5976 Information Exposure vulnerability in IBM Tealeaf Customer Experience
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to discover component passwords via unspecified vectors.
network
low complexity
ibm CWE-200
4.9
4.9
2016-09-26 CVE-2016-5975 Cross-site Scripting vulnerability in IBM Tealeaf Customer Experience
Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5978.
network
low complexity
ibm CWE-79
5.4
5.4
2016-09-26 CVE-2016-5974 Cross-site Scripting vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.
network
low complexity
ibm CWE-79
5.4
5.4
2016-09-26 CVE-2016-5972 Improper Access Control vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
network
high complexity
ibm CWE-284
6.8
6.8