Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2016-09-01	CVE-2016-3005	Cross-site Scripting vulnerability in IBM Connections Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-2997, and CVE-2016-3010. network low complexity ibm CWE-79	5.4
2016-09-01	CVE-2016-2997	Cross-site Scripting vulnerability in IBM Connections Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-3005, and CVE-2016-3010. network low complexity ibm CWE-79	5.4
2016-09-01	CVE-2016-2995	Cross-site Scripting vulnerability in IBM Connections Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2997, CVE-2016-3005, and CVE-2016-3010. network low complexity ibm CWE-79	5.4
2016-09-01	CVE-2016-2956	Cross-site Scripting vulnerability in IBM Connections 5.0.0.0/5.5.0.0 Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and CVE-2016-3008. network low complexity ibm CWE-79	5.4
2016-09-01	CVE-2016-2954	Cross-site Scripting vulnerability in IBM Connections 5.0.0.0/5.5.0.0 Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2956 and CVE-2016-3008. network low complexity ibm CWE-79	5.4
2016-09-01	CVE-2016-0293	Cross-site Scripting vulnerability in IBM Bigfix Platform Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file. network low complexity ibm CWE-79	6.1
2016-08-30	CVE-2016-0397	Information Exposure vulnerability in IBM Bigfix Webreports WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. network high complexity ibm CWE-200	5.9
2016-08-30	CVE-2016-0292	Information Exposure vulnerability in IBM Bigfix WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report. local low complexity ibm CWE-200	5.5
2016-08-08	CVE-2016-5878	Open Redirect vulnerability in IBM Filenet Workplace Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. network low complexity ibm CWE-601	6.8
2016-08-08	CVE-2016-3059	Information Exposure vulnerability in IBM products IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI. local low complexity ibm CWE-200	6.2