Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-07-14 CVE-2015-1927 Improper Access Control vulnerability in IBM WebSphere Application Server
The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which allows remote attackers to obtain privileged access via unspecified vectors.
network
ibm CWE-284
6.8
2015-07-14 CVE-2015-1917 Cross-site Scripting vulnerability in IBM WebSphere Portal
Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2015-07-14 CVE-2015-1887 Information Exposure vulnerability in IBM WebSphere Portal
IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request.
network
low complexity
ibm CWE-200
5.0
2015-07-04 CVE-2015-1966 Cross-site Scripting vulnerability in IBM Tivoli Federated Identity Manager 6.2.0/6.2.1/6.2.2
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for Mobile and other products, allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to the (1) ERROR_DESCRIPTION and (2) TOKEN:RelayState macros.
network
ibm CWE-79
4.3
2015-07-02 CVE-2015-1916 Unspecified vulnerability in IBM Java 8.0
Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider.
network
low complexity
ibm
5.0
2015-07-02 CVE-2015-1914 Information Exposure vulnerability in IBM Java
IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine.
network
low complexity
ibm CWE-200
5.0
2015-07-01 CVE-2015-1967 Information Exposure vulnerability in IBM WebSphere MQ 8.0.0.2
MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the absence of the compatibility-mode option, which allows remote attackers to obtain sensitive information by sniffing the network for a session in which TLS is not used.
network
ibm CWE-200
4.3
2015-07-01 CVE-2015-1950 Credentials Management vulnerability in IBM PowerVC 1.2.2.1/1.2.2.2
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.
local
low complexity
ibm CWE-255
4.6
2015-06-30 CVE-2015-1919 Cross-site Scripting vulnerability in IBM Security QRadar Incident Forensics
Cross-site scripting (XSS) vulnerability in IBM Security QRadar Incident Forensics before 7.2.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2015-06-30 CVE-2015-1913 Cryptographic Issues vulnerability in IBM products
Rational Test Control Panel in IBM Rational Test Workbench and Rational Test Virtualization Server 8.0.0.x before 8.0.0.5, 8.0.1.x before 8.0.1.6, 8.5.0.x before 8.5.0.4, 8.5.1.x before 8.5.1.5, 8.6.0.x before 8.6.0.4, and 8.7.0.x before 8.7.0.2 uses the MD5 algorithm for password hashing, which makes it easier for remote attackers to bypass authentication via unspecified vectors.
network
low complexity
ibm CWE-310
5.0