Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-01 | CVE-2016-2994 | Cross-site Scripting vulnerability in IBM Urbancode Deploy Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-12-01 | CVE-2016-2991 | Cross-site Scripting vulnerability in IBM Lotus Protector for Mail Security 2.8/2.8.1 Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Protector for Mail Security 2.8.0.0 through 2.8.1.0 before 2.8.1.0-22115 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-12-01 | CVE-2016-2955 | Cross-site Scripting vulnerability in IBM Connections 5.0.0.0/5.5.0.0 Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-11-30 | CVE-2016-2881 | 7PK - Security Features vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request parameters. | 6.5 |
| 2016-11-30 | CVE-2016-2869 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML via crafted fields in a URL. | 5.4 |
| 2016-11-30 | CVE-2016-8222 | Improper Access Control vulnerability in Lenovo products A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. | 4.4 |
| 2016-11-30 | CVE-2016-5987 | Improper Input Validation vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message. | 5.3 |
| 2016-11-30 | CVE-2016-5905 | Cross-site Scripting vulnerability in IBM Maximo Asset Management Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-11-30 | CVE-2016-5890 | Credentials Management vulnerability in IBM Sterling B2B Integrator 5.2 IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. | 5.3 |
| 2016-11-30 | CVE-2016-3057 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator 5.2 Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |