Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-23 | CVE-2015-7417 | Cross-site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider. | 5.4 |
| 2016-01-20 | CVE-2015-4951 | Improper Input Validation vulnerability in IBM Tivoli Storage Manager Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL. | 5.3 |
| 2016-01-18 | CVE-2016-0201 | Information Exposure vulnerability in IBM Security Network Protection Firmware 5.3.1/5.3.2 GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision. | 5.9 |
| 2016-01-18 | CVE-2015-5009 | Cross-site Scripting vulnerability in IBM Websphere Commerce Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |
| 2016-01-18 | CVE-2015-5008 | Cross-site Scripting vulnerability in IBM Websphere Commerce Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |
| 2016-01-18 | CVE-2015-5002 | Cross-site Scripting vulnerability in IBM Host On-Demand Cross-site scripting (XSS) vulnerability in IBM Host On-Demand 11.0 through 11.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |
| 2016-01-18 | CVE-2015-4959 | Cross-site Scripting vulnerability in IBM Tivoli Federated Identity Manager 6.2.2 Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |
| 2016-01-18 | CVE-2015-4942 | Resource Management Errors vulnerability in IBM Websphere MQ Light 1.0/1.0.0.1 IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4943. | 5.3 |
| 2016-01-17 | CVE-2015-7469 | Permissions, Privileges, and Access Controls vulnerability in IBM Jazz Reporting Service Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only restrictions by leveraging a JazzGuest role. | 4.3 |
| 2016-01-17 | CVE-2015-7468 | Permissions, Privileges, and Access Controls vulnerability in IBM Jazz Reporting Service Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors. | 4.3 |