Skip to main content
CVE-2016-2996 MEDIUM This Month

IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Privileged Identity Manager
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-0325 MEDIUM This Month

IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Rational Team Concert
NVD
CVSS 3.0
6.3
EPSS
0.5%
CVE-2016-0284 MEDIUM This Month

The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service XXE Rational Software Architect Design Manager Rational Collaborative Lifecycle Management +5
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-0282 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYHAAHNUS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Lotus Inotes
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2864 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5;. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Rational Quality Manager Rational Engineering Lifecycle Manager Rational Team Concert +4
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0285 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5;. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Rational Team Concert
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0273 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5;. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Rational Doors Next Generation Rational Engineering Lifecycle Manager Rational Collaborative Lifecycle Management +4
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0378 LOW Monitor

IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
3.7
EPSS
0.4%
CVE-2016-0372 LOW Monitor

IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Rational Team Concert Rational Quality Manager Rational Software Architect Design Manager +4
NVD
CVSS 3.0
3.7
EPSS
0.3%
CVE-2016-0353 LOW Monitor

IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Privileged Identity Manager
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2015-4961 LOW Monitor

IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A. Rated low severity (CVSS 2.6). No vendor patch available.

IBM Information Disclosure Tealeaf Customer Experience
NVD
CVSS 3.0
2.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy