Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-08 | CVE-2016-2945 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server 8.5.5.8/8.5.5.9 The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document. | 7.5 |
| 2016-07-08 | CVE-2016-2889 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz Reporting Service Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users. | 8.8 |
| 2016-07-08 | CVE-2016-0315 | Improper Access Control vulnerability in IBM Jazz Reporting Service The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation. | 8.8 |
| 2016-07-08 | CVE-2016-0287 | 7PK - Security Features vulnerability in IBM I Access 7.1 IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors. | 7.8 |
| 2016-07-08 | CVE-2016-0271 | Permissions, Privileges, and Access Controls vulnerability in IBM Urbancode Deploy The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors. | 8.2 |
| 2016-07-07 | CVE-2016-2119 | Code Injection vulnerability in Samba libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag. | 7.5 |
| 2016-07-07 | CVE-2016-2923 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 7.5 |
| 2016-07-07 | CVE-2016-1443 | 7PK - Security Features vulnerability in Cisco AMP Threat Grid Appliance The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample. | 8.1 |
| 2016-07-07 | CVE-2016-1442 | Improper Input Validation vulnerability in Cisco Prime Infrastructure 3.0/3.1 The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280. | 8.8 |
| 2016-07-06 | CVE-2016-4979 | Improper Access Control vulnerability in Apache Http Server 2.4.18/2.4.19/2.4.20 The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation. | 7.5 |