Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-10-03 CVE-2015-0143 Information Exposure vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages.
network
low complexity
ibm CWE-200
4.0
2015-10-03 CVE-2015-0142 Permissions, Privileges, and Access Controls vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function.
network
low complexity
ibm CWE-264
4.0
2015-10-03 CVE-2015-0141 Improper Access Control vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request.
network
low complexity
ibm CWE-284
4.0
2015-09-14 CVE-2015-4980 Information Exposure vulnerability in IBM Websphere Commerce
Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors.
network
low complexity
ibm CWE-200
4.0
2015-09-14 CVE-2015-2013 Resource Management Errors vulnerability in IBM Websphere MQ
IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call.
network
low complexity
ibm CWE-399
5.0
2015-08-23 CVE-2015-4950 Information Exposure vulnerability in IBM products
The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name.
network
low complexity
ibm CWE-200
4.0
2015-08-23 CVE-2015-2015 Cross-site Scripting vulnerability in IBM Domino
Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN.
network
ibm CWE-79
4.3
2015-08-23 CVE-2015-2014 Cross-Site Scripting vulnerability in IBM Domino
Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA.
network
ibm
5.8
2015-08-22 CVE-2015-4938 Spoofing vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vectors.
network
low complexity
ibm
5.0
2015-08-22 CVE-2015-1932 Information Exposure vulnerability in IBM products
IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header.
network
low complexity
ibm CWE-200
5.0