Cross-site scripting (XSS) vulnerability in IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 allows remote authenticated users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords. Rated low severity (CVSS 1.9). No vendor patch available.