Skip to main content
CVE-2016-5878 MEDIUM PATCH This Month

Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Open Redirect Filenet Workplace
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2016-2989 MEDIUM PATCH This Month

Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Open Redirect Authentication Bypass Connections Portlets
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-0361 MEDIUM PATCH This Month

IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Linux, UNIX and Windows, allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Microsoft General Parallel File System
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-3059 MEDIUM PATCH This Month

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Microsoft Tivoli Storage Flashcopy Manager For Sql Server Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-5331 MEDIUM PATCH This Month

CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

VMware Code Injection Vcenter Server ESXi
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-2914 MEDIUM PATCH This Month

Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM RCE File Upload Engineering Lifecycle Optimization Publishing
NVD
CVSS 3.0
5.4
EPSS
3.3%
CVE-2016-2912 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Engineering Lifecycle Optimization Publishing
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3054 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0.2 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Filenet Workplace
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0280 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Information Server Framework 8.5, Information Server Framework and InfoSphere Information Server Business Glossary 8.7 before FP2, Information Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Information Server Framework Infosphere Information Governance Catalog Infosphere Information Server Business Glossary
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2925 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Websphere Portal
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2016-1474 MEDIUM This Month

Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Prime Infrastructure
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy