Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-01-18 CVE-2016-0201 Information Exposure vulnerability in IBM Security Network Protection Firmware 5.3.1/5.3.2
GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision.
network
high complexity
ibm CWE-200
5.9
2016-01-18 CVE-2015-5009 Cross-site Scripting vulnerability in IBM Websphere Commerce
Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-01-18 CVE-2015-5008 Cross-site Scripting vulnerability in IBM Websphere Commerce
Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
6.1
2016-01-18 CVE-2015-5002 Cross-site Scripting vulnerability in IBM Host On-Demand
Cross-site scripting (XSS) vulnerability in IBM Host On-Demand 11.0 through 11.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
6.1
2016-01-18 CVE-2015-4959 Cross-site Scripting vulnerability in IBM Tivoli Federated Identity Manager 6.2.2
Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
6.1
2016-01-18 CVE-2015-4942 Resource Management Errors vulnerability in IBM Websphere MQ Light 1.0/1.0.0.1
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4943.
network
low complexity
ibm CWE-399
5.3
2016-01-17 CVE-2015-7469 Permissions, Privileges, and Access Controls vulnerability in IBM Jazz Reporting Service
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only restrictions by leveraging a JazzGuest role.
network
low complexity
ibm CWE-264
4.3
2016-01-17 CVE-2015-7468 Permissions, Privileges, and Access Controls vulnerability in IBM Jazz Reporting Service
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors.
network
low complexity
ibm CWE-264
4.3
2016-01-17 CVE-2015-7467 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-01-17 CVE-2015-7414 Cross-site Scripting vulnerability in IBM Infosphere Master Data Management
Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4