Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-01 CVE-2016-2954 Cross-site Scripting vulnerability in IBM Connections 5.0.0.0/5.5.0.0
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2956 and CVE-2016-3008.
network
low complexity
ibm CWE-79
5.4
2016-09-01 CVE-2016-0293 Cross-site Scripting vulnerability in IBM BigFix Platform
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file.
network
low complexity
ibm CWE-79
6.1
2016-08-30 CVE-2016-0397 Information Exposure vulnerability in IBM BigFix WebReports
WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
network
high complexity
ibm CWE-200
5.9
2016-08-30 CVE-2016-0292 Information Exposure vulnerability in IBM BigFix
WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report.
local
low complexity
ibm CWE-200
5.5
2016-08-08 CVE-2016-5878 Open Redirect vulnerability in IBM FileNet Workplace
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
low complexity
ibm CWE-601
6.8
2016-08-08 CVE-2016-3059 Information Exposure vulnerability in IBM products
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI.
local
low complexity
ibm CWE-200
6.2
2016-08-08 CVE-2016-3054 Cross-site Scripting vulnerability in IBM FileNet Workplace 4.0.2
Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0.2 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.
network
low complexity
ibm CWE-79
5.4
2016-08-08 CVE-2016-2989 Improper Access Control vulnerability in IBM Connections Portlets 5.0
Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
low complexity
ibm CWE-284
6.5
2016-08-08 CVE-2016-2925 Cross-site Scripting vulnerability in IBM WebSphere Portal
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-08-08 CVE-2016-2914 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Rational Publishing Engine 2.0.1
Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension.
network
low complexity
ibm CWE-434
5.4