Skip to main content
CVE-2016-5976 MEDIUM This Month

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Tealeaf Customer Experience
NVD
CVSS 3.0
4.9
EPSS
0.3%
CVE-2016-5395 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Apache Ranger
NVD
CVSS 3.0
4.8
EPSS
0.1%
CVE-2016-3000 MEDIUM PATCH This Month

The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a denial of service (service degradation) via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Connections
NVD
CVSS 3.0
4.3
EPSS
0.4%
CVE-2016-3639 MEDIUM This Month

SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Hana Db
NVD
CVSS 3.0
4.3
EPSS
0.4%
CVE-2016-5945 MEDIUM PATCH This Month

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-0248 LOW PATCH Monitor

IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
3.7
EPSS
0.3%
CVE-2016-0379 LOW PATCH Monitor

IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

IBM Denial Of Service Websphere Mq
NVD
CVSS 3.0
3.1
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy