Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-07-07 CVE-2016-0230 Permissions, Privileges, and Access Controls vulnerability in IBM Hardware Management Console
IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via unspecified vectors.
low complexity
ibm CWE-264
6.8
2016-07-03 CVE-2016-2862 Cross-site Scripting vulnerability in IBM Websphere Commerce
Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
6.1
2016-07-03 CVE-2016-0359 Unspecified vulnerability in IBM Websphere Application Server
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
network
low complexity
ibm
6.1
2016-07-03 CVE-2016-0346 Cross-site Scripting vulnerability in IBM Cognos Business Intelligence
Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-07-03 CVE-2016-0221 Cross-site Scripting vulnerability in IBM Cognos Business Intelligence
Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-07-02 CVE-2016-2968 Permissions, Privileges, and Access Controls vulnerability in IBM Security Qradar Incident Forensics
IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors.
network
low complexity
ibm CWE-264
6.5
2016-07-02 CVE-2016-2961 Information Exposure vulnerability in IBM Integration BUS and Websphere Message Broker
The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.
network
low complexity
ibm CWE-200
5.3
2016-07-02 CVE-2016-2883 Cross-site Scripting vulnerability in IBM Tririga Application Platform
Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0387.
network
low complexity
ibm CWE-79
5.4
2016-07-02 CVE-2016-2882 Information Exposure vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses.
network
low complexity
ibm CWE-200
4.3
2016-07-02 CVE-2016-2872 Path Traversal vulnerability in IBM products
Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL.
network
low complexity
ibm CWE-22
5.3