Skip to main content
CVE-2015-8508 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Bugzilla
NVD
CVSS 3.0
4.7
EPSS
0.4%
CVE-2015-1985 MEDIUM This Month

The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file. Rated medium severity (CVSS 5.6). No vendor patch available.

IBM Authentication Bypass Mq Appliance M2000
NVD
CVSS 3.0
5.6
EPSS
0.0%
CVE-2015-5036 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-5035 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-5023 MEDIUM This Month

SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Curam Social Program Management
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2015-5017 MEDIUM This Month

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Change And Configuration Management Database Maximo Asset Management Maximo Asset Management Essentials +10
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2015-5037 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS CSRF Connections
NVD
CVSS 3.0
5.4
EPSS
0.0%
CVE-2015-2007 MEDIUM This Month

Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Qradar Security Information And Event Manager
NVD
CVSS 3.0
5.0
EPSS
0.2%
CVE-2015-1971 MEDIUM This Month

Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Rational Quality Manager Rational Engineering Lifecycle Manager Rational Team Concert +5
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2015-5051 MEDIUM This Month

IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Maximo Asset Management Maximo Asset Management Essentials Maximo For Government +6
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy