Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-09 | CVE-2016-4910 | Improper Access Control vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. | 4.3 |
| 2017-06-09 | CVE-2016-4909 | Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Garoon Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. | 4.3 |
| 2017-06-09 | CVE-2016-4908 | Improper Access Control vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. | 4.3 |
| 2017-06-09 | CVE-2016-4906 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai. | 6.1 |
| 2017-06-09 | CVE-2016-7469 | Cross-site Scripting vulnerability in F5 products A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. | 5.4 |
| 2017-06-09 | CVE-2017-9523 | Cross-site Scripting vulnerability in Sophos web Appliance The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. | 6.1 |
| 2017-06-08 | CVE-2017-1179 | Inadequate Encryption Strength vulnerability in IBM Bigfix Security Compliance Analytics 1.9.70 IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.9 |
| 2017-06-08 | CVE-2017-1140 | Cross-site Scripting vulnerability in IBM Business Process Manager IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. | 5.4 |
| 2017-06-08 | CVE-2016-9736 | Information Exposure vulnerability in IBM Websphere Application Server 8.0/8.5/9.0 IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information. | 5.3 |
| 2017-06-08 | CVE-2016-8987 | Information Exposure vulnerability in IBM Maximo Asset Management 7.1/7.5/7.6 IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view. | 4.3 |