Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2016-01-02 CVE-2015-7442 Permissions, Privileges, and Access Controls vulnerability in IBM Installation Manager and Packaging Utility
consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.
local
high complexity
ibm CWE-264
7.0
2016-01-02 CVE-2015-7429 Information Exposure vulnerability in IBM products
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.4 allows remote authenticated users to restore arbitrary virtual machines and consequently obtain sensitive information by visiting the vSphere inventory.
network
high complexity
ibm CWE-200
8.5
2016-01-02 CVE-2015-5018 OS Command Injection vulnerability in IBM products
IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access.
network
high complexity
ibm CWE-78
8.0
2016-01-01 CVE-2015-7410 Code vulnerability in IBM Sterling B2B Integrator 5.2
The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.
network
high complexity
ibm CWE-17
7.4
2016-01-01 CVE-2015-7489 Permissions, Privileges, and Access Controls vulnerability in IBM Spss Statistics 22.0.0.2/23.0.0.2
IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script.
local
low complexity
ibm CWE-264
7.8
2015-12-31 CVE-2015-5990 Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Gs1900-10Hp Firmware 2.40
Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
zyxel CWE-352
8.8
2015-12-31 CVE-2015-5987 Unspecified vulnerability in Zyxel Gs1900-10Hp Firmware 2.40
Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.
network
low complexity
zyxel
8.6
2015-12-31 CVE-2015-1947 Unspecified vulnerability in IBM Infosphere Biginsights
Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program.
local
high complexity
ibm
7.4
2015-12-31 CVE-2015-7284 Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nbg-418N and Nbg-418N Firmware
Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
zyxel CWE-352
8.0
2015-12-31 CVE-2015-7283 Credentials Management vulnerability in Zyxel Nbg-418N Firmware 1.00(Aadz.3)C0
The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
network
high complexity
zyxel CWE-255
8.1