Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-06-19 CVE-2015-7462 Information Exposure vulnerability in IBM Websphere MQ 8.0.0.4
IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program.
local
low complexity
ibm CWE-200
4.4
2016-06-01 CVE-2016-0288 Unspecified vulnerability in IBM Security Appscan
IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm
6.5
2016-05-24 CVE-2016-0264 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
network
high complexity
suse ibm redhat CWE-119
5.6
2016-05-17 CVE-2016-0323 Improper Access Control vulnerability in IBM Bluemix
The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors.
network
low complexity
ibm CWE-284
6.5
2016-05-17 CVE-2016-0306 Information Exposure vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
network
high complexity
ibm CWE-200
5.9
2016-05-15 CVE-2016-0390 Cross-site Scripting vulnerability in IBM Algo ONE 4.9.1/5.0.0/5.1.0
Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-05-15 CVE-2016-0381 Improper Input Validation vulnerability in IBM Cognos TM1
IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGroups setting is empty, allows remote authenticated users to cause a denial of service (configuration outage) via a non-empty value.
network
low complexity
ibm CWE-20
4.3
2016-05-14 CVE-2015-8530 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Spss Statistics
Stack-based buffer overflow in the Initialize function in an ActiveX control in IBM SPSS Statistics 19 and 20 before 20.0.0.2-IF0008, 21 before 21.0.0.2-IF0010, 22 before 22.0.0.2-IF0011, 23 before 23.0.0.3-IF0001, and 24 before 24.0.0.0-IF0003 allows remote authenticated users to execute arbitrary code via a long argument.
network
low complexity
ibm CWE-119
6.5
2016-04-28 CVE-2016-0211 Improper Input Validation vulnerability in IBM DB2 and DB2 Connect
IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message.
network
low complexity
ibm CWE-20
4.3
2016-04-21 CVE-2016-0666 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.
local
low complexity
redhat debian mariadb oracle opensuse ibm
5.5