Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-02 | CVE-2016-2883 | Cross-site Scripting vulnerability in IBM Tririga Application Platform Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0387. | 5.4 |
| 2016-07-02 | CVE-2016-2882 | Information Exposure vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses. | 4.3 |
| 2016-07-02 | CVE-2016-2872 | Path Traversal vulnerability in IBM products Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL. | 5.3 |
| 2016-07-02 | CVE-2016-0400 | Unspecified vulnerability in IBM Websphere Extreme Scale CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | 6.1 |
| 2016-07-02 | CVE-2016-0399 | Cross-site Scripting vulnerability in IBM Maximo Asset Management Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |
| 2016-07-02 | CVE-2016-0398 | Improper Input Validation vulnerability in IBM Cognos Analytics 11.0.0 IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL. | 4.3 |
| 2016-07-02 | CVE-2016-0387 | Cross-site Scripting vulnerability in IBM Tririga Application Platform Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2883. | 5.4 |
| 2016-07-01 | CVE-2016-0365 | Information Exposure vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors. | 5.9 |
| 2016-07-01 | CVE-2016-0364 | Information Exposure vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters. | 4.3 |
| 2016-06-30 | CVE-2016-0349 | Improper Access Control vulnerability in IBM Business Process Manager 8.5.6.0/8.5.7.0 IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call. | 6.5 |