Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-01-18 CVE-2015-4942 Resource Management Errors vulnerability in IBM Websphere MQ Light 1.0/1.0.0.1
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4943.
network
low complexity
ibm CWE-399
5.3
2016-01-17 CVE-2015-7469 Permissions, Privileges, and Access Controls vulnerability in IBM Jazz Reporting Service
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only restrictions by leveraging a JazzGuest role.
network
low complexity
ibm CWE-264
4.3
2016-01-17 CVE-2015-7468 Permissions, Privileges, and Access Controls vulnerability in IBM Jazz Reporting Service
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors.
network
low complexity
ibm CWE-264
4.3
2016-01-17 CVE-2015-7467 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-01-17 CVE-2015-7414 Cross-site Scripting vulnerability in IBM Infosphere Master Data Management
Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-01-17 CVE-2015-4960 7PK - Security Features vulnerability in IBM Infosphere Master Data Management
IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
network
low complexity
ibm CWE-254
4.1
2016-01-11 CVE-2015-7399 Information Exposure vulnerability in IBM Integration BUS and Websphere Message Broker
IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTTP server via unspecified vectors.
network
low complexity
ibm CWE-200
5.3
2016-01-03 CVE-2015-5051 Permissions, Privileges, and Access Controls vulnerability in IBM products
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.
network
low complexity
ibm CWE-264
4.3
2016-01-03 CVE-2015-5037 Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections
Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
5.4
2016-01-03 CVE-2015-5036 Cross-site Scripting vulnerability in IBM Connections
Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-5035.
network
low complexity
ibm CWE-79
5.4