Vulnerabilities > IBM > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2015-08-03 | CVE-2015-4936 | Denial of Service vulnerability in Multiple IBM Products | Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 allows remote attackers to cause a denial of service via unknown vectors. | network; low complexity; ibm; 5.0 |
| 2015-07-26 | CVE-2015-4945 | Information Exposure vulnerability in IBM Maximo Anywhere 7.5.1.0/7.5.1.1/7.5.1.2 | Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 through 7.5.1.2 for Android allows attackers to bypass a passcode protection mechanism and obtain sensitive information via a crafted application. | network; low complexity; ibm; CWE-200; 5.0 |
| 2015-07-21 | CVE-2015-1905 | Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager | The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors. | network; low complexity; ibm; CWE-264; 4.0 |
| 2015-07-20 | CVE-2015-1984 | Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Master Data Management | IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks. | network; low complexity; ibm; CWE-264; 4.0 |
| 2015-07-20 | CVE-2015-1982 | Information Exposure vulnerability in IBM Infosphere Master Data Management | IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which reveals the full path in an error message. | network; low complexity; ibm; CWE-200; 4.0 |
| 2015-07-20 | CVE-2015-1883 | Information Exposure vulnerability in IBM DB2 | IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure. | network; low complexity; ibm; CWE-200; 4.0 |
| 2015-07-20 | CVE-2015-0157 | Improper Input Validation vulnerability in IBM DB2 | IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement. | network; low complexity; ibm; CWE-20; 6.8 |
| 2015-07-20 | CVE-2014-8910 | Injection vulnerability in IBM DB2 | IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement. | network; low complexity; ibm; CWE-74; 4.0 |
| 2015-07-14 | CVE-2015-1946 | Permissions, Privileges, and Access Controls vulnerability in IBM products | IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors. | local; ibm; CWE-264; 4.4 |
| 2015-07-14 | CVE-2015-1936 | Improper Access Control vulnerability in IBM Websphere Application Server | The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter. | network; ibm; CWE-284; 6.0 |