Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-07-02 CVE-2016-0400 Unspecified vulnerability in IBM Websphere Extreme Scale
CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
network
low complexity
ibm
6.1
2016-07-02 CVE-2016-0399 Cross-site Scripting vulnerability in IBM Maximo Asset Management
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-07-02 CVE-2016-0398 Improper Input Validation vulnerability in IBM Cognos Analytics 11.0.0
IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL.
network
low complexity
ibm CWE-20
4.3
2016-07-02 CVE-2016-0387 Cross-site Scripting vulnerability in IBM Tririga Application Platform
Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2883.
network
low complexity
ibm CWE-79
5.4
2016-07-01 CVE-2016-0365 Information Exposure vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors.
network
high complexity
ibm CWE-200
5.9
2016-07-01 CVE-2016-0364 Information Exposure vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters.
network
low complexity
ibm CWE-200
4.3
2016-06-30 CVE-2016-0349 Improper Access Control vulnerability in IBM Business Process Manager 8.5.6.0/8.5.7.0
IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call.
network
low complexity
ibm CWE-284
6.5
2016-06-30 CVE-2016-0322 Cross-site Scripting vulnerability in IBM Connections
Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML by uploading an HTML document.
network
low complexity
ibm CWE-79
5.4
2016-06-29 CVE-2016-0298 Information Exposure vulnerability in IBM Security Guardium
Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL.
network
low complexity
ibm CWE-200
6.5
2016-06-28 CVE-2016-0229 Cross-site Scripting vulnerability in IBM Marketing Platform
Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
6.1