Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-08-23 | CVE-2015-2014 | Cross-Site Scripting vulnerability in IBM Domino: Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA. | 5.8 |
2015-08-22 | CVE-2015-4938 | Spoofing vulnerability in IBM WebSphere Application Server: IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vectors. | 5.0 |
2015-08-22 | CVE-2015-1932 | Information Exposure vulnerability in IBM products: IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header. | 5.0 |
2015-08-03 | CVE-2015-4936 | Denial of Service vulnerability in Multiple IBM Products: Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 allows remote attackers to cause a denial of service via unknown vectors. | 5.0 |
2015-07-26 | CVE-2015-4945 | Information Exposure vulnerability in IBM Maximo Anywhere 7.5.1.0/7.5.1.1/7.5.1.2: Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 through 7.5.1.2 for Android allows attackers to bypass a passcode protection mechanism and obtain sensitive information via a crafted application. | 5.0 |
2015-07-21 | CVE-2015-1905 | Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager: The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors. | 4.0 |
2015-07-20 | CVE-2015-1984 | Permissions, Privileges, and Access Controls vulnerability in IBM InfoSphere Master Data Management: IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks. | 4.0 |
2015-07-20 | CVE-2015-1982 | Information Exposure vulnerability in IBM InfoSphere Master Data Management: IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which reveals the full path in an error message. | 4.0 |
2015-07-20 | CVE-2015-1883 | Information Exposure vulnerability in IBM DB2: IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure. | 4.0 |
2015-07-20 | CVE-2015-0157 | Improper Input Validation vulnerability in IBM DB2: IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement. | 6.8 |