Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-06-07 | CVE-2017-1178 | Cross-site Scripting vulnerability in IBM BigFix Security Compliance Analytics 1.9.70 | IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. | 6.1 |
2017-06-07 | CVE-2016-9710 | Information Exposure vulnerability in IBM Cognos Business Intelligence Server | IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. | 5.3 |
2017-06-07 | CVE-2016-8939 | Information Exposure vulnerability in IBM Tivoli Storage Manager | IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. | 5.5 |
2017-06-07 | CVE-2016-6089 | Improper Access Control vulnerability in IBM WebSphere MQ 9.0.0.0/9.0.1 | IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. | 5.5 |
2017-06-07 | CVE-2016-5960 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 | IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in clear text which can be read by a local user. | 5.5 |
2017-06-07 | CVE-2016-5959 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 | IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. | 5.3 |
2017-06-07 | CVE-2016-3051 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Access Manager 9.0 Firmware | IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. | 4.3 |
2017-06-07 | CVE-2016-3019 | Inadequate Encryption Strength vulnerability in IBM Security Access Manager 9.0 Firmware | IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 6.5 |
2017-06-07 | CVE-2016-0254 | XXE vulnerability in IBM Cognos Business Intelligence | IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 6.5 |
2017-06-07 | CVE-2017-9501 | Reachable Assertion vulnerability in ImageMagick 7.0.57 | In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. | 6.5 |