Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-6044 | Improper Access Control vulnerability in IBM Tivoli Storage Manager IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy. | 4.3 |
| 2017-02-01 | CVE-2016-6040 | Session Fixation vulnerability in IBM Rational Collaborative Lifecycle Management IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced. | 5.0 |
| 2017-02-01 | CVE-2016-6039 | Cross-site Scripting vulnerability in IBM Jazz Reporting Service 6.0/6.0.1/6.0.2 IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. | 5.4 |
| 2017-02-01 | CVE-2016-6034 | Information Exposure vulnerability in IBM Tivoli Storage Manager for Virtual Environments Data Protection for VMWare IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges. | 6.8 |
| 2017-02-01 | CVE-2016-6030 | Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management IBM Jazz Foundation is vulnerable to cross-site scripting. | 5.4 |
| 2017-02-01 | CVE-2016-6028 | Permissions, Privileges, and Access Controls vulnerability in IBM Rational Collaborative Lifecycle Management IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view. | 4.3 |
| 2017-02-01 | CVE-2016-6020 | Open Redirect vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
| 2017-02-01 | CVE-2016-6000 | Cross-site Scripting vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. | 6.1 |
| 2017-02-01 | CVE-2016-5994 | Information Exposure vulnerability in IBM Infosphere Information Server 11.5 IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents. | 6.5 |
| 2017-02-01 | CVE-2016-5990 | Improper Access Control vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server. | 6.3 |