Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-08-03 | CVE-2015-4936 | Denial of Service vulnerability in Multiple IBM Products Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 allows remote attackers to cause a denial of service via unknown vectors. | 5.0 |
2015-07-26 | CVE-2015-4945 | Information Exposure vulnerability in IBM Maximo Anywhere 7.5.1.0/7.5.1.1/7.5.1.2 Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 through 7.5.1.2 for Android allows attackers to bypass a passcode protection mechanism and obtain sensitive information via a crafted application. | 5.0 |
2015-07-21 | CVE-2015-1905 | Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors. | 4.0 |
2015-07-20 | CVE-2015-1984 | Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Master Data Management IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks. | 4.0 |
2015-07-20 | CVE-2015-1982 | Information Exposure vulnerability in IBM Infosphere Master Data Management IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which reveals the full path in an error message. | 4.0 |
2015-07-20 | CVE-2015-1883 | Information Exposure vulnerability in IBM DB2 IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure. | 4.0 |
2015-07-20 | CVE-2015-0157 | Improper Input Validation vulnerability in IBM DB2 IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement. | 6.8 |
2015-07-20 | CVE-2014-8910 | Injection vulnerability in IBM DB2 IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement. | 4.0 |
2015-07-14 | CVE-2015-1946 | Permissions, Privileges, and Access Controls vulnerability in IBM products IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors. | 4.4 |
2015-07-14 | CVE-2015-1936 | Improper Access Control vulnerability in IBM Websphere Application Server The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter. | 6.0 |