Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-01-02 CVE-2015-7402 Cross-site Scripting vulnerability in IBM Curam Social Program Management 6.1
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-01-02 CVE-2015-5020 Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Biginsights
The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via unspecified vectors.
network
low complexity
ibm CWE-264
4.3
2016-01-02 CVE-2015-4996 Information Exposure vulnerability in IBM Rational Clearquest
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.
local
high complexity
ibm CWE-200
5.1
2016-01-02 CVE-2015-4990 Information Exposure vulnerability in IBM Tealeaf Customer Experience
The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by leveraging privileges during an unspecified connection type.
local
high complexity
ibm CWE-200
4.0
2016-01-01 CVE-2015-7456 Information Exposure vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors.
network
low complexity
ibm CWE-200
6.5
2016-01-01 CVE-2015-7409 Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified field.
network
low complexity
ibm CWE-79
5.4
2016-01-01 CVE-2015-7445 Information Exposure vulnerability in IBM products
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses.
network
low complexity
ibm CWE-200
4.3
2016-01-01 CVE-2015-7415 Cross-site Scripting vulnerability in IBM Urbancode Deploy
Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-01-01 CVE-2015-5049 SQL Injection vulnerability in IBM Openpages GRC Platform
SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
5.4
2016-01-01 CVE-2015-4943 Code vulnerability in IBM Websphere MQ Light 1.0/1.0.0.1
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4942.
network
low complexity
ibm CWE-17
5.3