Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-07-08 CVE-2016-2888 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0313 and CVE-2016-0350.
network
low complexity
ibm CWE-79
5.4
2016-07-08 CVE-2016-0350 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0313.
network
low complexity
ibm CWE-79
5.4
2016-07-08 CVE-2016-0314 Unspecified vulnerability in IBM Jazz Reporting Service
The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors.
network
low complexity
ibm
6.5
2016-07-08 CVE-2016-0313 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0350.
network
low complexity
ibm CWE-79
5.4
2016-07-08 CVE-2016-0252 Information Exposure vulnerability in IBM Control Center and Sterling Control Center
IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors.
local
high complexity
ibm CWE-200
5.1
2016-07-07 CVE-2016-0389 Information Exposure vulnerability in IBM Websphere Application Server
Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-200
5.3
2016-07-07 CVE-2016-0230 Permissions, Privileges, and Access Controls vulnerability in IBM Hardware Management Console
IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via unspecified vectors.
low complexity
ibm CWE-264
6.8
2016-07-03 CVE-2016-2862 Cross-site Scripting vulnerability in IBM Websphere Commerce
Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
6.1
2016-07-03 CVE-2016-0359 Unspecified vulnerability in IBM Websphere Application Server
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
network
low complexity
ibm
6.1
2016-07-03 CVE-2016-0346 Cross-site Scripting vulnerability in IBM Cognos Business Intelligence
Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4