IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.