Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-5898 | 7PK - Security Features vulnerability in IBM Jazz Reporting Service IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. | 4.3 |
| 2017-02-01 | CVE-2016-5897 | Cross-site Scripting vulnerability in IBM Jazz Reporting Service 6.0/6.0.1/6.0.2 IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. | 5.4 |
| 2017-02-01 | CVE-2016-5896 | Information Exposure vulnerability in IBM products IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser. | 5.3 |
| 2017-02-01 | CVE-2016-5884 | Cross-site Scripting vulnerability in IBM Domino and Inotes IBM iNotes is vulnerable to cross-site scripting. | 6.1 |
| 2017-02-01 | CVE-2016-5882 | Cross-site Scripting vulnerability in IBM Domino and Inotes IBM iNotes is vulnerable to cross-site scripting. | 6.1 |
| 2017-02-01 | CVE-2016-5880 | Cross-site Scripting vulnerability in IBM Domino and Inotes IBM iNotes is vulnerable to cross-site scripting. | 5.4 |
| 2017-02-01 | CVE-2016-3043 | Information Exposure vulnerability in IBM products IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2017-02-01 | CVE-2016-3035 | Information Exposure vulnerability in IBM Security Appscan Source 9.0.1/9.0.2/9.0.3 IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server. | 5.3 |
| 2017-02-01 | CVE-2016-3034 | Inadequate Encryption Strength vulnerability in IBM Security Appscan Source 9.0.1/9.0.2/9.0.3 IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily. | 4.4 |
| 2017-02-01 | CVE-2016-3027 | XXE vulnerability in IBM products IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 6.5 |