Skip to main content
CVE-2016-6039 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6030 MEDIUM PATCH This Month

IBM Jazz Foundation is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5951 MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lcms Premier
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5948 MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lcms Premier
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5899 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5942 MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lms
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-8911 MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Kenexa Lms On Cloud
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-8934 MEDIUM PATCH This Month

IBM WebSphere Application Server is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2924 MEDIUM PATCH This Month

IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Biginsights
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0218 MEDIUM PATCH This Month

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Business Intelligence
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0217 MEDIUM PATCH This Month

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0265 MEDIUM PATCH This Month

IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Campaign
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5897 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3023 MEDIUM PATCH This Month

IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware Security Access Manager For Web 7 0 Firmware +1
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-8977 MEDIUM This Month

IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure License Metric Tool Bigfix Inventory
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-8982 MEDIUM PATCH This Month

IBM InfoSphere Information Server stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Infosphere Datastage
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-6117 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-6080 MEDIUM PATCH This Month

The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Message Broker
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-5896 MEDIUM PATCH This Month

IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Maximo Asset Management Maximo For Aviation Maximo For Life Sciences +3
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-3035 MEDIUM PATCH This Month

IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Appscan Source
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-6040 MEDIUM PATCH This Month

IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.

Session Fixation IBM Information Disclosure Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.0
EPSS
0.2%
CVE-2016-3016 MEDIUM PATCH This Month

IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

IBM Information Disclosure Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware Security Access Manager For Web 7 0 Firmware +1
NVD
CVSS 3.0
4.4
EPSS
0.1%
CVE-2016-5949 MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Kenexa Lcms Premier
NVD
CVSS 3.0
4.3
EPSS
0.5%
CVE-2016-3034 MEDIUM PATCH This Month

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Security Appscan Source
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2016-6122 MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Kenexa Lms On Cloud
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-6028 MEDIUM PATCH This Month

IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-2987 MEDIUM This Month

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rational Doors Next Generation Rational Engineering Lifecycle Manager Rational Quality Manager Rational Rhapsody Design Manager +2
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-8912 MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Kenexa Lms On Cloud
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-5898 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-0320 MEDIUM PATCH This Month

IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Urbancode Deploy
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-6044 MEDIUM PATCH This Month

IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Tivoli Storage Manager
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-3024 MEDIUM PATCH This Month

IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware Security Access Manager For Web 8 0 Firmware
NVD
CVSS 3.0
4.0
EPSS
0.1%
CVE-2016-3045 LOW PATCH Monitor

IBM Security Access Manager for Web stores sensitive information in URL parameters. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2016-0297 LOW Monitor

IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2016-5953 LOW PATCH Monitor

IBM Sterling Order Management transmits the session identifier within the URL. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling Selling And Fulfillment Foundation
NVD
CVSS 3.0
3.7
EPSS
0.1%
CVE-2016-5938 LOW PATCH Monitor

IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Kenexa Lms
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2016-0394 LOW PATCH Monitor

IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Integration Bus Websphere Message Broker
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-0296 LOW PATCH Monitor

IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-6001 LOW PATCH Monitor

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

SSRF IBM Information Disclosure Forms Experience Builder
NVD
CVSS 3.0
3.1
EPSS
0.1%
CVE-2016-8942 LOW PATCH Monitor

IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

IBM Authentication Bypass Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.0
3.1
EPSS
0.1%
CVE-2016-3046 LOW PATCH Monitor

IBM Security Access Manager for Web is vulnerable to SQL injection. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Security Access Manager For Web 8 0 Firmware Security Access Manager For Mobile Security Access Manager 9 0 Firmware
NVD
CVSS 3.0
2.7
EPSS
0.1%
CVE-2016-3021 LOW Monitor

IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware Security Access Manager For Web 7 0 Firmware +1
NVD
CVSS 3.0
2.7
EPSS
0.1%
CVE-2016-9703 LOW PATCH Monitor

IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity.

Session Fixation IBM Information Disclosure Security Identity Manager Virtual Appliance
NVD
CVSS 3.0
2.4
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy