Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-17 | CVE-2016-0393 | Information Exposure vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files. | 5.3 |
| 2016-07-17 | CVE-2016-0321 | Information Exposure vulnerability in IBM Personal Communications IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script. | 6.2 |
| 2016-07-15 | CVE-2016-2865 | Information Exposure vulnerability in IBM products The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed request. | 6.5 |
| 2016-07-15 | CVE-2016-0357 | Improper Access Control vulnerability in IBM Security Identity Manager Adapter IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site. | 4.3 |
| 2016-07-15 | CVE-2016-0339 | Improper Access Control vulnerability in IBM Security Identity Manager Adapter IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records." | 5.6 |
| 2016-07-15 | CVE-2016-0338 | Information Exposure vulnerability in IBM Security Identity Manager Adapter IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by (1) reading a configuration file or (2) examining a process. | 6.2 |
| 2016-07-15 | CVE-2016-0269 | Cross-site Scripting vulnerability in IBM Bigfix Platform Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |
| 2016-07-08 | CVE-2016-2888 | Cross-site Scripting vulnerability in IBM Jazz Reporting Service Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0313 and CVE-2016-0350. | 5.4 |
| 2016-07-08 | CVE-2016-0350 | Cross-site Scripting vulnerability in IBM Jazz Reporting Service Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0313. | 5.4 |
| 2016-07-08 | CVE-2016-0314 | Unspecified vulnerability in IBM Jazz Reporting Service The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors. | 6.5 |