Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-02-15 CVE-2015-8531 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
6.1
2016-02-15 CVE-2015-7492 Cross-site Scripting vulnerability in IBM Infosphere Master Data Management Reference Data Management
Cross-site scripting (XSS) vulnerability in Reference Data Management (RDM) in IBM InfoSphere Master Data Management 10.1, 11.0 before FP5, 11.3, 11.4, and 11.5 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-02-15 CVE-2015-7444 Information Exposure vulnerability in IBM Websphere Commerce 7.0.0.8/7.0.0.9
The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows attackers to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-200
5.3
2016-02-15 CVE-2015-7398 Cross-site Scripting vulnerability in IBM Emptoris Contract Management
Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-02-15 CVE-2015-4991 Information Exposure vulnerability in IBM Spss Modeler
IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 includes unspecified cleartext data in memory dumps, which allows local users to obtain sensitive information by reading a dump file.
local
low complexity
ibm CWE-200
4.0
2016-02-15 CVE-2015-4957 Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.1.0
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-02-15 CVE-2015-2008 Improper Access Control vulnerability in IBM Qradar Security Information and Event Manager
IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information by reading a backup archive.
network
high complexity
ibm CWE-284
4.4
2016-02-15 CVE-2015-2005 Information Exposure vulnerability in IBM Qradar Security Information and Event Manager
IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.5 Patch 6 does not properly expire sessions, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.
network
low complexity
ibm CWE-200
5.3
2016-02-08 CVE-2015-2012 Information Exposure vulnerability in IBM Websphere MQ
The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.
local
low complexity
ibm CWE-200
4.0
2016-01-27 CVE-2016-0209 Cross-site Scripting vulnerability in IBM Websphere Portal 8.5.0.0
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
6.1