Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-10-06 CVE-2015-4964 Permissions, Privileges, and Access Controls vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process.
network
ibm CWE-264
6.0
2015-10-06 CVE-2015-4939 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2015-10-04 CVE-2015-2030 Security Bypass vulnerability in IBM Websphere Extreme Scale 7.1.0/7.1.0.2/7.1.1
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack.
network
low complexity
ibm
5.0
2015-10-04 CVE-2015-2029 Session Hijacking vulnerability in IBM Websphere Extreme Scale 7.1.0/7.1.0.2/7.1.1
Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier.
network
ibm
4.3
2015-10-04 CVE-2015-2028 HTTP Response Splitting vulnerability in IBM Websphere Extreme Scale 7.1.0/7.1.0.2/7.1.1
CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
network
ibm
4.3
2015-10-04 CVE-2015-2026 Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Extreme Scale 7.1.0/7.1.0.2/7.1.1
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.0
2015-10-04 CVE-2015-2025 Information Exposure vulnerability in IBM Websphere Extreme Scale 7.1.0/7.1.0.2/7.1.1
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
network
ibm CWE-200
4.3
2015-10-04 CVE-2015-1934 Cryptographic Issues vulnerability in IBM products
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file.
network
low complexity
ibm CWE-310
5.0
2015-10-03 CVE-2015-0195 Cross-site Scripting vulnerability in IBM Content Template Catalog 4.0
Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2015-10-03 CVE-2015-0145 Cross-Site Request Forgery (CSRF) vulnerability in IBM Openpages GRC Platform
Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.8