Skip to main content
CVE-2016-2933 MEDIUM This Month

Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Bigfix Remote Control
NVD
CVSS 3.0
6.8
EPSS
0.6%
CVE-2016-2937 MEDIUM This Month

IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Bigfix Remote Control
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-2950 MEDIUM This Month

SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Bigfix Remote Control
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-2881 MEDIUM PATCH This Month

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-3057 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-2934 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Bigfix Remote Control
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-3014 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Rational Engineering Lifecycle Manager Rational Rhapsody Design Manager Rational Quality Manager +4
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2016-2869 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2935 MEDIUM PATCH This Month

The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service Bigfix Remote Control
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2016-5905 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5987 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Maximo Asset Management
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-2932 MEDIUM This Month

IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Code Injection Bigfix Remote Control
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-2940 MEDIUM This Month

Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Bigfix Remote Control
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-2931 MEDIUM This Month

IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Bigfix Remote Control
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-5890 MEDIUM PATCH This Month

IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

IBM Authentication Bypass Sterling B2b Integrator
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-3004 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

IBM CSRF Connections
NVD
CVSS 3.0
4.6
EPSS
0.1%
CVE-2016-8222 MEDIUM PATCH This Month

A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Microsoft Denial Of Service Authentication Bypass Thinkpad 10 Ella 2 Bios Thinkpad 11E Beema Bios +72
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2016-2958 MEDIUM PATCH This Month

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-2957 MEDIUM PATCH This Month

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy