Vulnerabilities > IBM > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2015-11-08 | CVE-2015-1993 | Unspecified vulnerability in IBM Security QRadar Incident Forensics | IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session. | network | low complexity | ibm | | 5.0 |
| 2015-11-08 | CVE-2015-1989 | SQL Injection vulnerability in IBM Security QRadar Incident Forensics | SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | network | low complexity | ibm | CWE-89 | 6.5 |
| 2015-11-08 | CVE-2015-7395 | Improper Access Control vulnerability in IBM products | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors. | network | low complexity | ibm | CWE-284 | 4.0 |
| 2015-11-04 | CVE-2015-5021 | Permissions, Privileges, and Access Controls vulnerability in IBM InfoSphere Information Server 11.3/11.5 | IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors. | network | low complexity | ibm | CWE-264 | 5.5 |
| 2015-10-29 | CVE-2015-4997 | Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Portal 8.5.0.0 | IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request. | network | | ibm | CWE-264 | 6.8 |
| 2015-10-28 | CVE-2014-8912 | Improper Access Control vulnerability in IBM WebSphere Portal | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information. | network | low complexity | ibm | CWE-284 | 5.0 |
| 2015-10-16 | CVE-2015-4948 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and VIOS | netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors. | local | | ibm | CWE-264 | 6.9 |
| 2015-10-11 | CVE-2015-4929 | Information Exposure vulnerability in IBM License Metric Tool | IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request. | network | low complexity | ibm | CWE-200 | 4.0 |
| 2015-10-06 | CVE-2015-5024 | Information Exposure vulnerability in IBM Emptoris Sourcing | IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, 10.0.2.3, 10.0.2.5 before iFix4, 10.0.2.6 before iFix8, 10.0.2.7 before iFix1, and 10.0.4.x before iFix2 allows remote authenticated users to obtain sensitive supplier-bid information via unspecified vectors. | network | low complexity | ibm | CWE-200 | 4.0 |
| 2015-10-06 | CVE-2015-5022 | Information Exposure vulnerability in IBM B2B Advanced Communications 1.0.0.1/1.0.0.2/1.0.0.3 | IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields. | network | | ibm | CWE-200 | 4.3 |