Vulnerabilities > IBM > Medium

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor / CWE | Risk |
|---|---|---|---|---|---|---|---|
| 2016-07-15 | CVE-2016-0357 | Improper Access Control vulnerability in IBM Security Identity Manager Adapter | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site. | network | low complexity | ibm CWE-284 | 4.3 |
| 2016-07-15 | CVE-2016-0339 | Improper Access Control vulnerability in IBM Security Identity Manager Adapter | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records." | network | high complexity | ibm CWE-284 | 5.6 |
| 2016-07-15 | CVE-2016-0338 | Information Exposure vulnerability in IBM Security Identity Manager Adapter | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by (1) reading a configuration file or (2) examining a process. | local | low complexity | ibm CWE-200 | 6.2 |
| 2016-07-15 | CVE-2016-0269 | Cross-site Scripting vulnerability in IBM Bigfix Platform | Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | network | low complexity | ibm CWE-79 | 5.4 |
| 2016-07-08 | CVE-2016-2888 | Cross-site Scripting vulnerability in IBM Jazz Reporting Service | Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0313 and CVE-2016-0350. | network | low complexity | ibm CWE-79 | 5.4 |
| 2016-07-08 | CVE-2016-0350 | Cross-site Scripting vulnerability in IBM Jazz Reporting Service | Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0313. | network | low complexity | ibm CWE-79 | 5.4 |
| 2016-07-08 | CVE-2016-0314 | Unspecified vulnerability in IBM Jazz Reporting Service | The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors. | network | low complexity | ibm | 6.5 |
| 2016-07-08 | CVE-2016-0313 | Cross-site Scripting vulnerability in IBM Jazz Reporting Service | Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0350. | network | low complexity | ibm CWE-79 | 5.4 |
| 2016-07-08 | CVE-2016-0252 | Information Exposure vulnerability in IBM Control Center and Sterling Control Center | IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors. | local | high complexity | ibm CWE-200 | 5.1 |
| 2016-07-07 | CVE-2016-0389 | Information Exposure vulnerability in IBM Websphere Application Server | Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | network | low complexity | ibm CWE-200 | 5.3 |