Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-07-03 CVE-2016-0221 Cross-site Scripting vulnerability in IBM Cognos Business Intelligence
Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-07-02 CVE-2016-2968 Permissions, Privileges, and Access Controls vulnerability in IBM Security Qradar Incident Forensics
IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors.
network
low complexity
ibm CWE-264
6.5
2016-07-02 CVE-2016-2961 Information Exposure vulnerability in IBM Integration BUS and Websphere Message Broker
The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.
network
low complexity
ibm CWE-200
5.3
2016-07-02 CVE-2016-2883 Cross-site Scripting vulnerability in IBM Tririga Application Platform
Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0387.
network
low complexity
ibm CWE-79
5.4
2016-07-02 CVE-2016-2882 Information Exposure vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses.
network
low complexity
ibm CWE-200
4.3
2016-07-02 CVE-2016-2872 Path Traversal vulnerability in IBM products
Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL.
network
low complexity
ibm CWE-22
5.3
2016-07-02 CVE-2016-0400 Unspecified vulnerability in IBM Websphere Extreme Scale
CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
network
low complexity
ibm
6.1
2016-07-02 CVE-2016-0399 Cross-site Scripting vulnerability in IBM Maximo Asset Management
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-07-02 CVE-2016-0398 Improper Input Validation vulnerability in IBM Cognos Analytics 11.0.0
IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL.
network
low complexity
ibm CWE-20
4.3
2016-07-02 CVE-2016-0387 Cross-site Scripting vulnerability in IBM Tririga Application Platform
Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2883.
network
low complexity
ibm CWE-79
5.4