Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-01 | CVE-2015-7456 | Information Exposure vulnerability in IBM Spectrum Scale IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors. | 6.5 |
| 2016-01-01 | CVE-2015-7409 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified field. | 5.4 |
| 2016-01-01 | CVE-2015-7445 | Information Exposure vulnerability in IBM products IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses. | 4.3 |
| 2016-01-01 | CVE-2015-7415 | Cross-site Scripting vulnerability in IBM Urbancode Deploy Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |
| 2016-01-01 | CVE-2015-5049 | SQL Injection vulnerability in IBM Openpages GRC Platform SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 5.4 |
| 2016-01-01 | CVE-2015-4943 | Code vulnerability in IBM Websphere MQ Light 1.0/1.0.0.1 IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4942. | 5.3 |
| 2016-01-01 | CVE-2015-4941 | Code vulnerability in IBM Websphere MQ Light 1.0/1.0.0.1 IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors. | 5.3 |
| 2016-01-01 | CVE-2015-7441 | Code vulnerability in IBM Business Process Manager and Websphere Process Server Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | 6.8 |
| 2015-12-31 | CVE-2015-7447 | Information Exposure vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vectors. | 5.3 |
| 2015-12-21 | CVE-2015-5001 | Resource Management Errors vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted document. | 4.3 |