Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-26 CVE-2016-3000 Improper Input Validation vulnerability in IBM Connections
The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a denial of service (service degradation) via a crafted URL.
network
low complexity
ibm CWE-20
4.3
2016-09-26 CVE-2016-2999 Information Exposure vulnerability in IBM Connections
IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information via an unspecified brute-force attack.
network
low complexity
ibm CWE-200
6.5
2016-09-12 CVE-2016-5954 Improper Access Control vulnerability in IBM Websphere Portal
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files.
network
low complexity
ibm CWE-284
6.5
2016-09-12 CVE-2016-5927 Information Exposure vulnerability in IBM Tivoli Storage Manager for Space Management
IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output.
local
low complexity
ibm CWE-200
5.5
2016-09-12 CVE-2016-0331 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-09-01 CVE-2016-3010 Cross-site Scripting vulnerability in IBM Connections
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-2997, and CVE-2016-3005.
network
low complexity
ibm CWE-79
5.4
2016-09-01 CVE-2016-3008 Cross-site Scripting vulnerability in IBM Connections 5.0.0.0/5.5.0.0
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and CVE-2016-2956.
network
low complexity
ibm CWE-79
5.4
2016-09-01 CVE-2016-3005 Cross-site Scripting vulnerability in IBM Connections
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-2997, and CVE-2016-3010.
network
low complexity
ibm CWE-79
5.4
2016-09-01 CVE-2016-2997 Cross-site Scripting vulnerability in IBM Connections
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-3005, and CVE-2016-3010.
network
low complexity
ibm CWE-79
5.4
2016-09-01 CVE-2016-2995 Cross-site Scripting vulnerability in IBM Connections
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2997, CVE-2016-3005, and CVE-2016-3010.
network
low complexity
ibm CWE-79
5.4