Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-07-14 | CVE-2015-1927 | Improper Access Control vulnerability in IBM Websphere Application Server The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which allows remote attackers to obtain privileged access via unspecified vectors. | 6.8 |
| 2015-07-14 | CVE-2015-1917 | Cross-site Scripting vulnerability in IBM Websphere Portal Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
| 2015-07-14 | CVE-2015-1887 | Information Exposure vulnerability in IBM Websphere Portal IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request. | 5.0 |
| 2015-07-04 | CVE-2015-1966 | Cross-site Scripting vulnerability in IBM Tivoli Federated Identity Manager 6.2.0/6.2.1/6.2.2 Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for Mobile and other products, allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to the (1) ERROR_DESCRIPTION and (2) TOKEN:RelayState macros. | 4.3 |
| 2015-07-02 | CVE-2015-1916 | Unspecified vulnerability in IBM Java 8.0 Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider. | 5.0 |
| 2015-07-02 | CVE-2015-1914 | Information Exposure vulnerability in IBM Java IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine. | 5.0 |
| 2015-07-01 | CVE-2015-1967 | Information Exposure vulnerability in IBM Websphere MQ 8.0.0.2 MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the absence of the compatibility-mode option, which allows remote attackers to obtain sensitive information by sniffing the network for a session in which TLS is not used. | 4.3 |
| 2015-07-01 | CVE-2015-1950 | Credentials Management vulnerability in IBM Powervc 1.2.2.1/1.2.2.2 IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code. | 4.6 |
| 2015-06-30 | CVE-2015-1919 | Cross-site Scripting vulnerability in IBM Security Qradar Incident Forensics Cross-site scripting (XSS) vulnerability in IBM Security QRadar Incident Forensics before 7.2.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
| 2015-06-30 | CVE-2015-1913 | Cryptographic Issues vulnerability in IBM products Rational Test Control Panel in IBM Rational Test Workbench and Rational Test Virtualization Server 8.0.0.x before 8.0.0.5, 8.0.1.x before 8.0.1.6, 8.5.0.x before 8.5.0.4, 8.5.1.x before 8.5.1.5, 8.6.0.x before 8.6.0.4, and 8.7.0.x before 8.7.0.2 uses the MD5 algorithm for password hashing, which makes it easier for remote attackers to bypass authentication via unspecified vectors. | 5.0 |