Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-11-04 CVE-2015-5021 Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Information Server 11.3/11.5
IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-264
5.5
2015-10-29 CVE-2015-4997 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal 8.5.0.0
IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request.
network
ibm CWE-264
6.8
2015-10-28 CVE-2014-8912 Improper Access Control vulnerability in IBM Websphere Portal
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information.
network
low complexity
ibm CWE-284
5.0
2015-10-16 CVE-2015-4948 Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.
local
ibm CWE-264
6.9
2015-10-11 CVE-2015-4929 Information Exposure vulnerability in IBM License Metric Tool
IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request.
network
low complexity
ibm CWE-200
4.0
2015-10-06 CVE-2015-5024 Information Exposure vulnerability in IBM Emptoris Sourcing
IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, 10.0.2.3, 10.0.2.5 before iFix4, 10.0.2.6 before iFix8, 10.0.2.7 before iFix1, and 10.0.4.x before iFix2 allows remote authenticated users to obtain sensitive supplier-bid information via unspecified vectors.
network
low complexity
ibm CWE-200
4.0
2015-10-06 CVE-2015-5022 Information Exposure vulnerability in IBM B2B Advanced Communications 1.0.0.1/1.0.0.2/1.0.0.3
IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields.
network
ibm CWE-200
4.3
2015-10-06 CVE-2015-4973 Cross-site Scripting vulnerability in IBM B2B Advanced Communications 1.0.0.1/1.0.0.2/1.0.0.3
Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2015-10-06 CVE-2015-4967 SQL Injection vulnerability in IBM products
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5
2015-10-06 CVE-2015-4965 Information Exposure vulnerability in IBM products
maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file.
network
low complexity
ibm CWE-200
4.0